describes version 2.0 of a protocol that International Business
Machines Corporation (IBM) has been implementing in most of its SNMP
agents to allow dynamic extension of supported MIBs. Bell Northern
Research (BNR) has also implemented a version of this protocol in
some of its SNMP agents for the same reason.


The Simple Network Management Protocol (SNMP [1]) Distributed
Protocol Interface (DPI) is an extension to SNMP agents that permits
end-users to dynamically add, delete or replace management variables
in the local Management Information Base without requiring
recompilation of the SNMP agent. This is achieved by writing a
so-called sub-agent that communicates with the agent via the SNMP-DPI.


For the author of a sub-agent, the SNMP-DPI eliminates the need to
know the details of ASN.1 [2] or SNMP PDU (Protocol Data Unit)
encoding/decoding [1, 3].


Versions 1.0 and 1.1 of this protocol have been in use within IBM
since 1989 and are included in the SNMP agents for VM, MVS and OS/2.
Version 1.2 of this protocol has been in use within BNR since 1992.


1.1 MOTIVATION 


The Simple Network Management Protocol [1] defines a protocol that
permits operations on a collection of variables. This set of
variables is called the Management Information Base (MIB) and a core
set of variables has previously been defined [4, 5]; however, the
design of the MIB makes provision for extension of this core set.
Thus, an enterprise or individual can define variables of their own
which represent information of use to them. An example of a
potentially interesting variable which is not in the core MIB would
be CPU utilization (percent busy). Unfortunately, conventional SNMP
agent implementations provide no means for an end-user to make
available new variables.


Besides this, today there are many MIBs that people want to implement 
on a system. Without a capability for sub-agents, this requires all 
the MIBs to be implemented in one big monolithic agent, which is in 
many cases undesirable. 


The SNMP DPI addresses these issues by providing a light-weight 
mechanism by which a process can register the existence of a MIB 
variable or a MIB sub-tree with the SNMP agent. Requests for the 
variable(s) that are received by the SNMP agent are passed to the 
process acting as a sub-agent. The sub-agent then returns an 
appropriate answer to the SNMP agent. The SNMP agent eventually 
packages an SNMP response packet and sends the answer back to the 
remote network management station that initiated the request. 


Remote network management stations have no knowledge that the SNMP 
agent calls on other processes to obtain an answer. As far as they 
can tell, there is only one network management application (agent) 
running on the host. 


At the San Diego IETF (March 1992) a BOF was held on multiplexing
SNMP agent’s requirements. Both the SMUX [6] and DPI [7] protocols
were discussed, as well as other unpublished approaches. There was
also discussion regarding a need for a standard for multiplexing SNMP
agents or sub-agent support. At the end of the BOF, however, there
was not enough support for defining a standard. This was due, at
least partially, to a few well known SNMP authors who stated that the
proxy and party support for SNMPv2 (SMP at the time) would solve the
problem.


Nevertheless, questions continue to be raised about sub-agent support
(both in SNMP and SNMP2 mail lists) in spite of both SNMPv2 [8] being
on the standard’s track and SMUX being changed to a historic RFC.
Furthermore, within IBM and BNR we continue to see a substantial and
expanding use of the DPI protocol, with positive results.


Therefore, we believe that there is a place for a sub-agent protocol
and we again offer this new version as an experimental protocol. We
encourage people to try it and send us feedback. Depending on that
feedback, we may decide to try to get onto the standards track at a
later time.


During discussions about sub-agent interfaces at the San Diego BOF it
also became clear that we should reduce the focus on the API for the
sub-agent programmers. This RFC, therefore, specifies only the
protocol to distribute SNMP requests from the main SNMP agent to the
sub-agents. Programmers can build one or more Programming APIs on
top of that protocol as needed, and sample API code is available from
the authors of this document.


1.2 SUMMARY OF CHANGES 


The following changes have been made since the initial definition of 
SNMP-DPI [7]. Some of these resulted from comparing the SMUX [6] and 
DPI [7] protocols. 


o   Documentation changes to clean up and be more specific in some
    areas. Among other things, this includes:

    -   Defining that integers are in network byte order.
    -   Defining the character set used for strings.
    -   Defining how DisplayStrings are handled.
    -   Including DPI20 MIB definition.

o   Removal of the Programming API from the document.

o   Addition of new DPI packet types:

    -   SNMP_DPI_OPEN for a sub-agent to open a "connection" with
        the DPI SNMP capable agent. The sub-agent must now
        identify itself and optionally provide a "password" for the
        connection.

    -   SNMP_DPI_CLOSE for the agent or sub-agent to close the
        connection in a graceful way.

    -   SNMP_DPI_ARE_YOU_THERE for the sub-agent to verify that the
        agent still knows about the sub-agent.

    -   SNMP_DPI_UNREGISTER for the agent or sub-agent to terminate
        the registration of a MIB variable or MIB sub-tree.

    -   SNMP_DPI_COMMIT which instructs the sub-agent to actually
        commit a previous SNMP_DPI_SET request. This, together
        with the UNDO, allows DPI sub-agents to be compliant with
        SNMP in the sense that we can now handle the "as if
        simultaneous" requirement.

    -   SNMP_DPI_UNDO which instructs the sub-agent to UNDO a SET
        or COMMIT if such is needed.

o   Changes to DPI packets:

    -   Multiple varBinds can now be exchanged in one DPI packet
        (for GET, GETNEXT, SET, TRAP). The sub-agent can specify
        the maximum it wants to handle per packet.

    -   The packet headers now contain a packet-ID (similar to SNMP
        request ID in SNMP PDU). This allows RESPONSE packets to
        be matched to REQUESTS, which is important for UDP based
        DPI-connections.

    -   The SNMP_DPI_REGISTER packet has new fields for time_out
        and for requested priority.

    -   The SNMP_DPI_TRAP packet allows an enterprise OID to be
        specified. In addition, the generic and specific trap types
        are now 4 octets, so that we can pass the types correctly.

    -   In general, the packets have a more consistent layout.

o   The agent now sends a RESPONSE to a REGISTER request.

o   Addition of SNMPv2 error codes and value types.


2. THEORY OF OPERATION 

2.1 CONNECTION ESTABLISHMENT AND TERMINATION 


Communication between the SNMP Agent and its clients (sub-agents)
takes place via a communication mechanism. The communication type
can be either a logical stream connection (via TCP, for instance) or
an unreliable datagram connection (UDP, for instance). It should be
noted that other stream oriented transport communication mechanisms
can also be used. For example, the VM SNMP agent allows DPI
connections over IUCV (Inter-User Communications Vehicle) [9, 10].
Other than the connection establishment procedure, the protocol used
is identical in these environments.


In Unix the number of processes is limited by the number of file-
descriptors that can be opened. Since each TCP socket represents a
file-descriptor, restricting the SNMP-DPI protocol to TCP only
connections would limit the number of sub-agents an agent could
support. As a result, some SNMP-DPI agents support both TCP and
UDP socket type communication mechanisms for the SNMP-DPI protocol.


Please note that in the following portion of this text the SNMP-DPI
agent is referred to simply as the agent.


Once the transport connection has been set up, the sub-agent must 
also initialize the logical connection with the agent. To do so it 
issues an OPEN request to the agent in which the sub-agent uniquely 
identifies itself and passes some other parameters to the agent, such 
as, the maximum number of varBinds per interaction it is prepared to 
handle, and the timeout the agent should use when waiting for a 
response from the sub-agent. 


When the sub-agent prepares to stop or cease operations, it first 
issues a CLOSE to shut down the logical connection with the agent, 
and then closes the transport connection. 


2.2 REGISTRATION 


A sub-agent supports a collection of MIB variables or object
identifiers (object IDs) that constitute its MIB (sub)tree. Each of
these object IDs consists of a group ID and an instance ID. The
group ID is the root of the sub-agent's MIB tree that it supports and
the point of registration to the agent's MIB tree. The instance ID
is the piece of the Object Identifier that follows the group ID
(registration point), so it is not an instance in the terms of the
SNMP definition of an instance.


Regardless of the transport mechanism used, after establishing a 
connection to the agent, the sub-agent registers a branch (group ID) 
to the Agent's MIB tree. With the registration request, the sub- 
agent passes some parameters, such as, requested priority and a 
timeout value for this specific sub-tree. 


The agent sends back a response to indicate success or failure of the 
registration request. 


2.3 NORMAL OPERATION


Once the sub-agent has set up both the physical and logical
connection to the agent, and once it has successfully registered the
sub-tree(s) of the MIB(s) that it supports, it waits for requests
from the SNMP agent or generates traps as required.

2.4 DPI ARCHITECTURE 


These are the requests that can be initiated by the SNMP agent:


GET, GETNEXT, GETBULK, SET, COMMIT, UNDO, UNREGISTER, and CLOSE.


The first four of these correspond directly to SNMP requests that a
network management station can make (By default a GETBULK request
will be translated into multiple GETNEXT requests by the agent, but a
sub-agent may request that the GETBULK be passed to it). The COMMIT,
UNDO, UNREGISTER, ARE_YOU_THERE and CLOSE requests are specific
SNMP-DPI requests. The sub-agent normally responds to a request with
a RESPONSE packet. The CLOSE request is an exception for which the
sub-agent only closes the physical connection.


These are the requests that can be initiated by a sub-agent: 
OPEN, REGISTER, TRAP, UNREGISTER, ARE_YOU_THERE and CLOSE. 


The agent responds to OPEN, REGISTER, UNREGISTER and ARE_YOU_THERE 
with a RESPONSE packet. The TRAP packet is just accepted and 
forwarded by the agent without returning any information to the sub- 
agent. The CLOSE packet is also just accepted by the agent upon 
which it closes the physical connection. 


See Figure 1 for an overview of the DPI packet flow.


[Figure 1: ASCII diagram, not recoverable in this copy. Boxes: SNMP
Network Management Station; SNMP Agent (containing Statically Linked
Instrumentation (like MIB II), the DPI interface, TCP/IP layers and
Kernel); SNMP Sub-Agent or Client. Flows between station and agent:
Get, GetNext, GetBulk, Set, GetResponse, Trap. Flows between agent
and sub-agent: Get, GetNext, (GetBulk), Set, Commit, Undo, Response,
trap, close, unregister, AreYouThere, open, register.]

Figure 1. SNMP DPI overview


Remarks for Figure 1:


o   The SNMP agent communicates with the SNMP manager via the
    standard SNMP protocol.

o   The SNMP agent communicates with some statically linked-in
    instrumentation (potentially for the MIB II), which in turn
    talks to the TCP/IP layers and kernel (operating system) in an
    implementation-dependent manner.

o   An SNMP sub-agent, running as a separate process (potentially
    on another machine), can set up a connection with the agent.
    The sub-agent has an option to communicate with the SNMP agent
    through UDP or TCP sockets, or even through other mechanisms.

o   Once the connection is established, the sub-agent issues a DPI
    OPEN and one or more REGISTER requests to register one or more
    MIB sub-trees with the SNMP agent.

o   The SNMP agent responds to DPI OPEN and REGISTER requests with
    a RESPONSE packet, indicating success or failure.

o   The SNMP agent will decode SNMP packets.

    If such a packet contains a Get or GetNext request for an
    object in a sub-tree registered by a sub-agent, it sends a
    corresponding DPI packet to the sub-agent.

    If the request is for a GetBulk, then the agent translates it
    into multiple DPI GETNEXT packets and sends those to the
    sub-agent. However, the sub-agent can request (in the REGISTER
    packet) that a GETBULK be passed to the sub-agent.

    If the request is for a Set, then the agent uses a 2-phase
    commit scheme and sends the sub-agent a sequence of SET/COMMIT,
    SET/UNDO or SET/COMMIT/UNDO DPI packets.

o   The SNMP sub-agent sends responses back via a RESPONSE packet.

o   The SNMP agent then encodes the reply into an SNMP packet and
    sends it back to the requesting SNMP manager.

o   If the sub-agent wants to report an important state change, it
    sends a DPI TRAP packet to the SNMP agent which will encode it
    into an SNMP trap packet and send it to the manager(s).

o   If the sub-agent wants to stop operations, it sends a DPI
    UNREGISTER and a DPI CLOSE packet to the agent. The agent
    sends a response to an UNREGISTER request.

o   There is no RESPONSE to a CLOSE, the agent just closes the DPI
    connection. A CLOSE implies an UNREGISTER for all
    registrations that exist for the DPI connection being CLOSED.

o   An agent can send DPI UNREGISTER (if a higher priority
    registration comes in or for other reasons) to the sub-agent,
    the sub-agent then responds with a DPI RESPONSE packet.

o   An agent can also (for whatever reason) send a DPI CLOSE to
    indicate it is terminating the DPI connection.

o   A sub-agent can send an ARE_YOU_THERE to verify that the
    "connection" is still open. If so, the agent sends a RESPONSE
    with no error, otherwise, it may send a RESPONSE with an error
    indication, or not react at all.


3. SNMP DPI PROTOCOL


This section describes the actual protocol used between the SNMP 
agent and sub-agents. 


3.1 CONNECTION ESTABLISHMENT 


In a TCP/IP environment, the SNMP agent listens on an arbitrary 
TCP/UDP port for a connection request from a sub-agent. It is 
important to realize that a well-known port is not used: every 
invocation of the SNMP agent will potentially result in a different 
TCP/UDP port being used. 


A sub-agent needs to determine this port number to establish a 
connection. The sub-agent learns the port number from the agent by 
sending it one conventional SNMP get-request PDU. The port numbers 
are maintained by the SNMP agent as the objects whose identifiers 
are: 


                               dpiPort.0        (old DPI 1.x form)
    1.3.6.1.4.1.2.2.1.1.1.0    dpiPortForTCP.0
    1.3.6.1.4.1.2.2.1.1.2.0    dpiPortForUDP.0


These variables are registered under the IBM enterprise-specific
tree. See 4, "DPI 2.0 MIB definition" for more information. The
SNMP agent replies with a conventional SNMP response PDU that
contains the port number to be used. This response is examined by
the sub-agent and the port number is extracted. The sub-agent then
establishes the connection to the specified port.


On the surface, this procedure appears to mean that the sub-agent
must be able to create and parse SNMP packets, but this is not the
case. A DPI Application Programming Interface (API) normally
provides a library routine, query_DPI_port(), which can be used to
generate and parse the required SNMP packets. This very small
routine (under 100 lines of C) does not greatly increase the size of
any sub-agent.


NOTE: Since this RFC does not define an API, the actual code of and 
interface to a query_DPI_port() type of function depends on the 
implementation. 


For completeness, byte-by-byte descriptions of the packets to be
generated by an SNMP DPI API routine query_DPI_port() are provided
below. This is probably of little interest to most readers and
reading the source of a query_DPI_port() function provides much of
the same information.


3.1.1 SNMP PDU TO GET THE AGENT'S DPI PORT


As noted, before a TCP/UDP connection to the SNMP agent can be made,
the sub-agent must learn which port the agent is listening on.
To do so, it can issue an SNMP GET for the variable dpiPortForTCP.0
(1.3.6.1.4.1.2.2.1.1.1.0) or variable dpiPortForUDP.0
(1.3.6.1.4.1.2.2.1.1.2.0).


The SNMP PDU can be constructed as shown below. This PDU must be 
sent to UDP port 161 on the host where the agent runs (probably the 
same host where the sub-agent runs). 


The (SNMPv1) packet shown below is for the TCP port.


+-----------------------------------------------------------------+
| Table 1. SNMP GET PDU for dpiPortForTCP.0                       |
+---------------+----------------+--------------------------------+
| OFFSET        | VALUE          | FIELD                          |
+---------------+----------------+--------------------------------+
| 0             | 0x30           | ASN.1 header                   |
+---------------+----------------+--------------------------------+
| 1             | 37 + len       | PDU_length, see formula below  |
+---------------+----------------+--------------------------------+
| 2             | 0x02 0x01 0x00 | SNMP version:                  |
|               |                | (integer, length=1, value=0)   |
+---------------+----------------+--------------------------------+
| 5             | 0x04           | community name (string)        |
+---------------+----------------+--------------------------------+
| 6             | len            | length of community name       |
+---------------+----------------+--------------------------------+
| 7             | community name | varies                         |
+---------------+----------------+--------------------------------+
| 7 + len       | 0xa0 0x1c      | SNMP GET request:              |
|               |                | request_type=0xa0, length=0x1c |
+---------------+----------------+--------------------------------+
| 7 + len + 2   | 0x02 0x01 0x01 | SNMP request ID:               |
|               |                | integer, length=1, ID=1        |
+---------------+----------------+--------------------------------+
| 7 + len + 5   | 0x02 0x01 0x00 | SNMP error status:             |
|               |                | integer, length=1, error=0     |
+---------------+----------------+--------------------------------+
| 7 + len + 8   | 0x02 0x01 0x00 | SNMP index:                    |
|               |                | integer, length=1, index=0     |
+---------------+----------------+--------------------------------+
| 7 + len + 11  | 0x30 0x11      | varBind list, length=0x11      |
+---------------+----------------+--------------------------------+
| 7 + len + 13  | 0x30 0x0f      | varBind, length=0x0f           |
+---------------+----------------+--------------------------------+
| 7 + len + 15  | 0x06 0x0b      | Object ID, length=0x0b         |
+---------------+----------------+--------------------------------+
| 7 + len + 17  | 0x2b 0x06 0x01 | Object-ID:                     |
|               | 0x04 0x01 0x02 | 1.3.6.1.4.1.2.2.1.1.1          |
|               | 0x02 0x01 0x01 | Object-instance: 0             |
|               | 0x01 0x00      |                                |
+---------------+----------------+--------------------------------+
| 7 + len + 28  | 0x05 0x00      | null value, length=0           |
+---------------+----------------+--------------------------------+
| NOTE: Formula to calculate "PDU_length":                        |
|                                                                 |
|   PDU_length =  length of version field and string tag (4 bytes)|
|              +  length of community length field (1 byte)       |
|              +  length of community name (depends...)           |
|              +  length of SNMP GET request (32 bytes)           |
|                                                                 |
|              =  37 + length of community name                   |
+-----------------------------------------------------------------+


3.1.2 SNMP PDU CONTAINING THE RESPONSE TO THE GET 


Assuming that no errors occurred, the port is returned in the last 
few octets of the received packet. In the simple case, where the 
port number will be between 1024 and 16,385, the format of the packet 
is shown below. 


Note: In practice, the port number can be any positive number in the
range from 1 through 65,535. A port number of 0 means that the agent
does not have a dpiPort defined for the requested protocol. So the
actual port value may be in the last 1, 2 or 3 octets. The sample
implementation code shows how to handle the response to cover all
those cases, including error conditions.


Note: The (SNMPv1) packet shown below is for the TCP port. 


+-----------------------------------------------------------------+
| Table 2. SNMP RESPONSE PDU for dpiPortForTCP.0                  |
+---------------+----------------+--------------------------------+
| OFFSET        | VALUE          | FIELD                          |
+---------------+----------------+--------------------------------+
| 2             | 0x02 0x01 0x00 | version                        |
|               |                | (integer, length=1, value=0)   |
+---------------+----------------+--------------------------------+
| 5             | 0x04           | community name (string)        |
+---------------+----------------+--------------------------------+
| 6             | len            | length of community name       |
+---------------+----------------+--------------------------------+
| 7             | community name |                                |
+---------------+----------------+--------------------------------+
| 7 + len       | 0xa2 0x1e      | SNMP RESPONSE:                 |
|               |                | request_type=0xa2, length=0x1e |
+---------------+----------------+--------------------------------+
| 7 + len + 2   | 0x02 0x01 0x01 | SNMP request ID:               |
|               |                | integer, length=1, ID=1        |
+---------------+----------------+--------------------------------+
| 7 + len + 5   | 0x02 0x01 0x00 | SNMP error status:             |
|               |                | integer, length=1, error=0     |
+---------------+----------------+--------------------------------+
| 7 + len + 8   | 0x02 0x01 0x00 | SNMP index:                    |
|               |                | integer, length=1, index=0     |
+---------------+----------------+--------------------------------+
| 7 + len + 11  | 0x30 0x13      | varBind list, length=0x13      |
+---------------+----------------+--------------------------------+
| 7 + len + 13  | 0x30 0x11      | varBind, length=0x11           |
+---------------+----------------+--------------------------------+
| 7 + len + 15  | 0x06 0x0b      | Object ID, length=0x0b         |
+---------------+----------------+--------------------------------+
| 7 + len + 17  | 0x2b 0x06 0x01 | Object-ID:                     |
|               | 0x04 0x01 0x02 | 1.3.6.1.4.1.2.2.1.1.1          |
|               | 0x02 0x01 0x01 | Object-instance: 0             |
|               | 0x01 0x00      |                                |
+---------------+----------------+--------------------------------+
| 7 + len + 28  | 0x02 0x02      | integer, length=2              |
+---------------+----------------+--------------------------------+
| 7 + len + 30  | MSB LSB        | port number (MSB, LSB)         |
+---------------+----------------+--------------------------------+
| NOTE: Formula to calculate "PDU_length":                        |
|                                                                 |
|   PDU_length =  length of version field and string tag (4 bytes)|
|              +  length of community length field (1 byte)       |
|              +  length of community name (depends...)           |
|              +  length of SNMP RESPONSE (34 bytes)              |
|                                                                 |
|              =  39 + length of community name                   |
+-----------------------------------------------------------------+


3.2 SNMP DPI PACKET FORMATS 


Each request to, or response from, the agent or sub-agent is 
constructed as a "packet" and is written to the stream. 


Each packet is prefaced with the length of the data remaining in the 
packet. The length is stored in network byte order, the most 
significant byte (MSB) first, least significant byte (LSB) last. If 
we consider a stream connection (like TCP), the receiving side will 
read the packet by doing something similar to: 


    unsigned char len_bfr[2];
    unsigned char *bfr;
    int len;


    read(fd, len_bfr, 2);                   /* 2-octet length prefix */

    len = len_bfr[0] * 256 + len_bfr[1];    /* MSB first             */
    bfr = malloc(len);

    read(fd, bfr, len);                     /* rest of the packet    */


Note: The above example makes no provisions for error handling or a
read returning less than the requested amount of data, and it is not
intended to be used literally.


3.2.1 DPI PACKET HEADER 


The first part of every packet identifies the application protocol
being used as well as some version information. The protocol major
version is intended to indicate, in broad terms, what version of the
protocol is used. The protocol minor version is intended to identify
major incompatible versions of the protocol. The protocol release is
intended to indicate incremental modifications to the protocol. The
constants that are valid for these fields are defined in Table 15.


The next field, present in all packets, is the packet ID. It
contains packet identification that can help an agent or sub-agent
match responses with requests. This is useful with UDP connections
over which packets can be lost. The packet ID is a monotonically
increasing unsigned 16-bit integer which wraps at its maximum value.


The next field, present in all packets, is the packet type. It
indicates what kind of packet we're dealing with (OPEN, REGISTER,
GET, GETNEXT, GETBULK, SET, COMMIT, UNDO, TRAP, RESPONSE, UNREGISTER
or CLOSE). The permitted values for this field are defined in Table
16.

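+-----------------------------------------------------------------+
| Table 3. SNMP DPI packet header. Present in all packets.        |
+------------+----------------------------------------------------+
| OFFSET     | FIELD                                              |
+------------+----------------------------------------------------+
| 0          | packet length to follow (MSB to LSB)               |
+------------+----------------------------------------------------+
| 2          | protocol major version                             |
+------------+----------------------------------------------------+
| 3          | protocol minor version                             |
+------------+----------------------------------------------------+
| 4          | protocol release                                   |
+------------+----------------------------------------------------+
| 5          | packet id (MSB to LSB)                             |
+------------+----------------------------------------------------+
| 7          | packet type                                        |
+------------+----------------------------------------------------+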
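
A fuller receive path for the length-prefixed framing of 3.2, combined with the Table 3 header decode, as an added example that is not code from this RFC or from any DPI implementation. It assumes a blocking stream descriptor; the names dpi_read_packet, struct dpi_header and the DPI_* return codes are hypothetical, and the sample bytes in main() are constructed.

```c
/* Added example (not from the RFC or a DPI implementation).
 * Hypothetical names: dpi_read_packet, struct dpi_header, DPI_* codes. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define DPI_HDR_LEN 6  /* major, minor, release, packet id (2), packet type */

enum { DPI_OK = 0, DPI_EOF = -1, DPI_IOERR = -2, DPI_TRUNC = -3,
       DPI_SHORT = -4, DPI_NOMEM = -5 };

struct dpi_header {
    uint8_t  major, minor, release;
    uint16_t packet_id;
    uint8_t  type;
};

/* Read exactly n bytes, looping over short reads and EINTR.
 * DPI_EOF: peer closed before any byte; DPI_TRUNC: closed part-way. */
static int read_exact(int fd, unsigned char *p, size_t n)
{
    size_t got = 0;

    while (got < n) {
        ssize_t r = read(fd, p + got, n - got);
        if (r == 0)
            return got == 0 ? DPI_EOF : DPI_TRUNC;
        if (r < 0) {
            if (errno == EINTR)
                continue;
            return DPI_IOERR;
        }
        got += (size_t)r;
    }
    return DPI_OK;
}

/* Read one DPI packet from a stream. On DPI_OK, *pkt holds the *len bytes
 * that follow the length prefix (caller frees) and *h the decoded header.
 * Any other result means the stream is closed or out of sync: drop it. */
int dpi_read_packet(int fd, struct dpi_header *h,
                    unsigned char **pkt, size_t *len)
{
    unsigned char len_bfr[2], *bfr;
    size_t n;
    int rc;

    *pkt = NULL;
    *len = 0;
    if ((rc = read_exact(fd, len_bfr, sizeof len_bfr)) != DPI_OK)
        return rc;
    n = ((size_t)len_bfr[0] << 8) | len_bfr[1];     /* MSB first */
    if (n < DPI_HDR_LEN)        /* too small to hold the Table 3 header */
        return DPI_SHORT;
    bfr = malloc(n);            /* n <= 65535: the prefix bounds the size */
    if (bfr == NULL)
        return DPI_NOMEM;
    rc = read_exact(fd, bfr, n);
    if (rc != DPI_OK) {
        free(bfr);
        return rc == DPI_EOF ? DPI_TRUNC : rc;  /* peer closed mid-packet */
    }
    /* Table 3 offsets 2..7 are indexes 0..5 once the prefix is consumed. */
    h->major     = bfr[0];
    h->minor     = bfr[1];
    h->release   = bfr[2];
    h->packet_id = (uint16_t)((bfr[3] << 8) | bfr[4]);
    h->type      = bfr[5];
    *pkt = bfr;
    *len = n;
    return DPI_OK;
}

int main(void)
{
    /* Constructed sample: length 8, version octets 2/0/0, id 0x1234,
     * type 9, two payload octets. The values are illustrative only. */
    static const unsigned char sample[] =
        { 0x00, 0x08, 2, 0, 0, 0x12, 0x34, 9, 0xaa, 0xbb };
    struct dpi_header h;
    unsigned char *pkt;
    size_t len;
    int p[2];

    if (pipe(p) != 0 || write(p[1], sample, sizeof sample) < 0)
        return 1;
    close(p[1]);
    if (dpi_read_packet(p[0], &h, &pkt, &len) == DPI_OK) {
        printf("id=0x%04x type=%u len=%zu\n",
               (unsigned)h.packet_id, (unsigned)h.type, len);
        free(pkt);
    }
    close(p[0]);
    return 0;
}
```
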


From this point onwards, the contents of the packet are defined by
the protocol being used. The remainder of this section describes:


o   Layout of packets for the SNMP DPI protocol, version 2.0.

o   Constants as defined with this version of the protocol.


3.2.2 OPEN


In order for a sub-agent to communicate with a DPI capable SNMP
agent, it must first send an SNMP DPI OPEN request to the agent to
set up the "connection" with that agent.


Such a packet contains the standard SNMP DPI header plus OPEN
specific data. This data consists of:


o   a timeout value (in seconds).
    This is a requested timeout value to be used for all requests
    for objects for which there is no timeout value specified for
    the sub-tree under which the object is registered. If you
    specify a zero timeout value, then the agent will use its own
    default timeout value. If you want a larger value than the
    default value, then you can specify it here. However, the agent
    may have a maximum value that you can never exceed. If you do
    ask for a larger timeout than that maximum, the agent will set
    it at the maximum it accepts.

o   the maximum number of varBinds per DPI packet that the
    sub-agent is prepared to handle.

o   Selected character set to be used for the representation of the
    OBJECT ID strings and DisplayStrings.

    The choices are the native character set (0) or the ASCII
    character set (1). See 3.3.5, "Character set selection"
    for more information on character set selection.

    An agent may choose to support only the native character set.

o   null terminated sub-agent ID, which is a unique ASN.1 OBJECT
    identifier, so in dotted ASN.1 notation. This string is
    represented in the selected character set.

o   null terminated sub-agent description, which is a DisplayString
    describing the sub-agent. This string is represented in the
    selected character set. This may be the null-string if there
    is no description.

o   optionally a password that the agent uses to validate the
    sub-agent. It depends on the agent implementation if a
    password is required. If no password is passed, the length
    must be specified as zero.


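The sub-agent must expect a response indicating success or failure.
See Table 19 for the valid codes in a DPI RESPONSE to a DPI OPEN
request.


If the error code in the RESPONSE is not SNMP_ERROR_DPI_noError, then
the agent closes the connection.


+-----------------------------------------------------------------+
| Table 4. Layout SNMP DPI OPEN packet                            |
+------------+----------------------------------------------------+
| OFFSET     | FIELD                                              |
+------------+----------------------------------------------------+
| 0          | packet length to follow (MSB to LSB)               |
+------------+----------------------------------------------------+
| 2          | protocol major version                             |
+------------+----------------------------------------------------+
| 3          | protocol minor version                             |
+------------+----------------------------------------------------+
| 4          | protocol release                                   |
+------------+----------------------------------------------------+
| 5          | packet id (MSB to LSB)                             |
+------------+----------------------------------------------------+
| 7          | packet type = SNMP_DPI_OPEN                        |
+------------+----------------------------------------------------+
| 8          | requested overall timeout (seconds, MSB to LSB)    |
+------------+----------------------------------------------------+
| 10         | max varBinds per DPI packet (MSB to LSB)           |
+------------+----------------------------------------------------+
| 12         | Selected character set (0=Native, 1=ASCII)         |
+------------+----------------------------------------------------+
| 13         | null terminated sub-agent ID (OID)                 |
+------------+----------------------------------------------------+
| 13+L1      | null terminated sub-agent Description              |
+------------+----------------------------------------------------+
| 13+L2      | password length (zero if no password, MSB to LSB)  |
+------------+----------------------------------------------------+
| 15+L2      | password (if any)                                  |
+------------+----------------------------------------------------+
| NOTE                                                            |
|                                                                 |
| o   L1 = strlen(sub-agent ID) + 1                               |
| o   L2 = L1 + strlen(sub-agent Description) + 1                 |
| o   OID and Description strings use selected character set      |
+-----------------------------------------------------------------+
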
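
How an agent might validate the variable-length part of an OPEN packet laid out in Table 4 before trusting any field, as an added example that is not code from this RFC or from any DPI implementation. The names dpi_parse_open, struct dpi_open and the OPEN_* codes are hypothetical, the sample packet is constructed (its packet type octet is a placeholder because the Table 16 values are not shown here), and rejecting trailing octets after the password is this example's own policy.

```c
/* Added example (not from the RFC or a DPI implementation).
 * Hypothetical names: dpi_parse_open, struct dpi_open, OPEN_* codes. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { OPEN_OK = 0, OPEN_TOO_SHORT = -1, OPEN_BAD_LENGTH = -2,
       OPEN_BAD_CHARSET = -3, OPEN_UNTERMINATED = -4,
       OPEN_BAD_PASSWORD = -5 };

struct dpi_open {
    uint16_t timeout;               /* offset 8                          */
    uint16_t max_varbinds;          /* offset 10                         */
    uint8_t  charset;               /* offset 12: 0=native, 1=ASCII      */
    const char *subagent_id;        /* offset 13, NUL-terminated         */
    const char *description;        /* offset 13+L1, NUL-terminated      */
    const unsigned char *password;  /* offset 15+L2, NOT NUL-terminated  */
    size_t password_len;
};

static uint16_t be16(const unsigned char *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* pkt/n: one complete OPEN packet including its 2-octet length prefix,
 * so the numeric offsets below are the Table 4 offsets. The string
 * pointers stored in *o point into pkt and share its lifetime. */
int dpi_parse_open(const unsigned char *pkt, size_t n, struct dpi_open *o)
{
    const unsigned char *end = pkt + n, *id, *desc, *p;

    /* 13 fixed octets + two NULs + password length: the smallest OPEN */
    if (n < 13 + 1 + 1 + 2)
        return OPEN_TOO_SHORT;
    if ((size_t)be16(pkt) != n - 2)     /* prefix must match what we hold */
        return OPEN_BAD_LENGTH;
    if (pkt[12] > 1)
        return OPEN_BAD_CHARSET;

    id = pkt + 13;
    p = memchr(id, 0, (size_t)(end - id));  /* never scan past the packet */
    if (p == NULL)
        return OPEN_UNTERMINATED;
    desc = p + 1;                           /* offset 13+L1 */
    p = desc < end ? memchr(desc, 0, (size_t)(end - desc)) : NULL;
    if (p == NULL)
        return OPEN_UNTERMINATED;
    p++;                                    /* offset 13+L2 */
    if (end - p < 2)
        return OPEN_BAD_PASSWORD;
    /* the declared password length must equal the octets actually left */
    if ((size_t)be16(p) != (size_t)(end - p) - 2)
        return OPEN_BAD_PASSWORD;

    o->timeout      = be16(pkt + 8);
    o->max_varbinds = be16(pkt + 10);
    o->charset      = pkt[12];
    o->subagent_id  = (const char *)id;
    o->description  = (const char *)desc;
    o->password_len = be16(p);
    o->password     = o->password_len ? p + 2 : NULL;
    return OPEN_OK;
}

/* Constructed sample: ID "1.3.9", description "demo", password "pw".
 * Octet 7 (packet type) is a placeholder, not the real SNMP_DPI_OPEN. */
static const unsigned char dpi_open_sample[] = {
    0x00, 0x1a,                     /* length to follow = 26          */
    2, 0, 0,                        /* major, minor, release          */
    0x00, 0x01,                     /* packet id                      */
    0x00,                           /* packet type (placeholder)      */
    0x00, 0x0a,                     /* timeout = 10 seconds           */
    0x00, 0x01,                     /* max varBinds = 1               */
    1,                              /* character set = ASCII          */
    '1', '.', '3', '.', '9', 0,     /* sub-agent ID, L1 = 6           */
    'd', 'e', 'm', 'o', 0,          /* description, L2 = 11           */
    0x00, 0x02, 'p', 'w'            /* password length, password      */
};

int main(void)
{
    struct dpi_open o;
    int rc = dpi_parse_open(dpi_open_sample, sizeof dpi_open_sample, &o);

    if (rc != OPEN_OK) {
        printf("rejected: %d\n", rc);
        return 1;
    }
    printf("id=%s desc=%s timeout=%u pwlen=%zu\n", o.subagent_id,
           o.description, (unsigned)o.timeout, o.password_len);
    return 0;
}
```

The password is returned as a pointer and a length because it is a counted field, not a C string; string functions must not be used on it.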
3.2.3 CLOSE 


In order for a sub-agent to close the "connection" with the DPI
capable SNMP agent, it must send an SNMP DPI CLOSE request to the
agent. The agent will not send a response, but closes the physical
connection and implicitly unregisters any sub-trees related to the
connection.


An agent may also send to the sub-agent an SNMP DPI CLOSE packet that
contains the standard SNMP DPI header plus CLOSE specific data. This
data consists of:


o   a reason code for closing. See Table 21 for a list
    of valid reason codes.


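+-----------------------------------------------------------------+
| Table 5. Layout SNMP DPI CLOSE packet                           |
+------------+----------------------------------------------------+
| OFFSET     | FIELD                                              |
+------------+----------------------------------------------------+
| 0          | packet length to follow (MSB to LSB)               |
+------------+----------------------------------------------------+
| 2          | protocol major version                             |
+------------+----------------------------------------------------+
| 3          | protocol minor version                             |
+------------+----------------------------------------------------+
| 4          | protocol release                                   |
+------------+----------------------------------------------------+
| 5          | packet id (MSB to LSB)                             |
+------------+----------------------------------------------------+
| 7          | packet type = SNMP_DPI_CLOSE                       |
+------------+----------------------------------------------------+
| 8          | reason code (1 octet)                              |
+------------+----------------------------------------------------+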


3.2.4 ARE_YOU_THERE


An ARE_YOU_THERE packet allows a sub-agent to determine if it still
has a DPI connection with the agent. This packet is necessary
because a sub-agent passively awaits requests from an agent and
normally will not detect problems with an agent connection in a
timely manner. (In contrast, an agent becomes aware of any sub-agent
connection problem in a timely manner because it sets a timeout when
sending a request).


A sub-agent can send an SNMP DPI ARE_YOU_THERE packet to an agent
which will then return a RESPONSE with a zero error code and a zero
error index if the connection is healthy. Otherwise, the agent may
return a RESPONSE with an error indication. If the connection is
broken, the sub-agent will see no response at all.


An ARE_YOU_THERE packet contains the standard SNMP DPI header with no
additional data.


+-----------------------------------------------------------------+
| Table 6. Layout SNMP DPI ARE_YOU_THERE packet                   |
+------------+----------------------------------------------------+
| OFFSET     | FIELD                                              |
+------------+----------------------------------------------------+
| 0          | packet length to follow (MSB to LSB)               |
+------------+----------------------------------------------------+
| 2          | protocol major version                             |
+------------+----------------------------------------------------+
| 3          | protocol minor version                             |
+------------+----------------------------------------------------+
| 4          | protocol release                                   |
+------------+----------------------------------------------------+
| 5          | packet id (MSB to LSB)                             |
+------------+----------------------------------------------------+
| 7          | packet type = SNMP_DPI_ARE_YOU_THERE               |
+------------+----------------------------------------------------+


3.2.5 REGISTER 


In order to register a branch in the MIB tree, an SNMP sub-agent 
sends an SNMP DPI REGISTER packet to the agent. 


Such a packet contains the standard SNMP DPI header plus REGISTER 
specific data. This data consists of: 


o a requested priority.
  There are 2 special values, namely minus one (-1, requests best
  available priority) and zero (0, requests next better priority
  than the highest priority in use). Any other value requests a
  specific priority (or the next best priority if already in use).
  The lower the number, the better the priority. An agent will
  send requests to only the one sub-agent that has registered
  with the best priority. The agent returns the actual priority
  assigned in the RESPONSE packet in the error_index field.

o a requested timeout.
  If a zero value is specified, then the agent uses the timeout
  value specified in the DPI OPEN request.
  If you want a shorter or longer timeout value for this specific
  sub-tree, then you specify it here. The agent has a maximum
  timeout it will allow in this field. The agent will use this
  value (or its maximum) to await a response to requests for this
  sub-tree.

o an indication as to whether the sub-agent wishes to handle MIB
  view selection (SNMPv1 community string authentication)
  in subsequent GET, GETNEXT or SET, COMMIT, UNDO requests. Not
  all DPI capable agents need to support this feature, but they
  must at least recognize this indication and give an appropriate
  response if they do not support it.

o an indication as to whether the sub-agent wishes to handle the
  GETBULK itself. If not, then the agent will translate a
  GETBULK into multiple GETNEXT requests.

  Not all DPI capable agents need to support this feature. They
  may opt to always translate a GETBULK into multiple GETNEXT
  requests. In this case the agent will send the appropriate
  RESPONSE to indicate this.

o the group ID (sub-tree) to be registered (with trailing dot).
  The group ID is represented in the selected character set as
  specified in the DPI OPEN packet.


The agent will respond with an SNMP DPI RESPONSE packet indicating
registration error or success. The packet ID of the response will be
the same as that for the REGISTER request to which this is a
response.

The group ID will be the same as that specified in the REGISTER
request. There will be no instance returned (e.g. NULL string for
instance ID). The value will be an SNMP_TYPE_NULL value with a zero
length.

+-----------------------------------------------------------------+
| Table 7. Layout SNMP DPI REGISTER packet                        |
+------------+----------------------------------------------------+
| OFFSET     | FIELD                                              |
+------------+----------------------------------------------------+
| 0          | packet length to follow (MSB to LSB)               |
| 2          | protocol major version                             |
| 3          | protocol minor version                             |
| 4          | protocol release                                   |
| 5          | packet id (MSB to LSB)                             |
| 7          | packet type = SNMP_DPI_REGISTER                    |
| 8          | requested priority (MSB to LSB)                    |
| 12         | timeout in seconds (MSB to LSB)                    |
| 14         | view selection (0 = you (agent) do, 1 = I do)      |
| 15         | getbulk selection (0=use GetNext, 1=use GetBulk)   |
| 16         | null terminated group ID (with trailing dot)       |
+------------+----------------------------------------------------+
| NOTE                                                            |
| o group ID string uses selected character set                   |
+-----------------------------------------------------------------+


3.2.6 UNREGISTER 


In order to unregister a branch in the MIB tree, an SNMP sub-agent 
sends an SNMP DPI UNREGISTER packet to the agent. 


Such a packet contains the standard SNMP DPI header plus UNREGISTER 
specific data: a null terminated string (represented in the selected 
character set) representing the group ID in ASN.1 dotted notation and 
an indication as to the reason for the unregister (see table 14). 


The agent will respond with an SNMP DPI RESPONSE packet indicating
error or success. The packet ID of the response will be the same as
that for the UNREGISTER request to which this is a response.

The group ID will be the same as that specified in the UNREGISTER
request. There will be no instance returned (e.g. NULL string for
instance ID). The value will be an SNMP_TYPE_NULL value with a zero
length.

+-----------------------------------------------------------------+
| Table 8. Layout SNMP DPI UNREGISTER packet                      |
+------------+----------------------------------------------------+
| OFFSET     | FIELD                                              |
+------------+----------------------------------------------------+
| 0          | packet length to follow (MSB to LSB)               |
| 2          | protocol major version                             |
| 3          | protocol minor version                             |
| 4          | protocol release                                   |
| 5          | packet id (MSB to LSB)                             |
| 7          | packet type = SNMP_DPI_UNREGISTER                  |
| 8          | reason code                                        |
|            | null terminated group ID (with trailing dot)       |
+------------+----------------------------------------------------+


3.2.7 GET 


When the SNMP agent receives a PDU containing an SNMP GET request for 
a variable that resides in a sub-tree registered by a sub-agent, it 
passes an SNMP DPI GET packet to the sub-agent. 


Such a packet contains the standard SNMP DPI header plus GET specific 
data: 


o the community name used in the SNMP PDU. The length is zero
  unless view handling was selected by the sub-agent. The length
  is also zero if the SNMP PDU was not in SNMPv1 format.

o per varBind two null terminated strings (in the selected
  character set) representing the group and instance ID in ASN.1
  dotted notation.

+-----------------------------------------------------------------+
| Table 9. Layout SNMP DPI GET packet                             |
+------------+----------------------------------------------------+
| OFFSET     | FIELD                                              |
+------------+----------------------------------------------------+
| 0          | packet length to follow (MSB to LSB)               |
| 2          | protocol major version                             |
| 3          | protocol minor version                             |
| 4          | protocol release                                   |
| 5          | packet id (MSB to LSB)                             |
| 7          | packet type = SNMP_DPI_GET                         |
| 8          | community name length (MSB to LSB)                 |
| 10         | community name (if any)                            |
| 10+L1      | null terminated group ID (with trailing dot)       |
| 10+L2      | null terminated instance ID (no trailing dot)      |
| 10+L3      | optionally more varBinds (group/instance ID pairs) |
+------------+----------------------------------------------------+
| NOTE                                                            |
| o L1 = length of community name                                 |
| o L2 = L1 + strlen(group ID) + 1                                |
| o L3 = L2 + strlen(instance ID) + 1                             |
| o group and instance ID strings use selected character set      |
+-----------------------------------------------------------------+


3.2.8 GETNEXT 


When the SNMP agent receives a PDU containing an SNMP GETNEXT request 
for a variable for which a sub-agent may be authoritative, it passes 
an SNMP DPI GETNEXT packet to the sub-agent. 


Such a packet contains the standard SNMP DPI header plus GETNEXT 
specific data: 


o the community name used in the SNMP PDU. The length is zero
  unless view handling was selected by the sub-agent. The length
  is also zero if the SNMP PDU was not in SNMPv1 format.

o per varBind two null terminated strings (in the selected
  character set) representing the group and instance ID in ASN.1
  dotted notation.

+-----------------------------------------------------------------+
| Table 10. Layout SNMP DPI GETNEXT packet                        |
+------------+----------------------------------------------------+
| OFFSET     | FIELD                                              |
+------------+----------------------------------------------------+
| 0          | packet length to follow (MSB to LSB)               |
| 2          | protocol major version                             |
| 3          | protocol minor version                             |
| 4          | protocol release                                   |
| 5          | packet id (MSB to LSB)                             |
| 7          | packet type = SNMP_DPI_GETNEXT                     |
| 8          | community name length (MSB to LSB)                 |
| 10         | community name                                     |
| 10+L1      | null terminated group ID (with trailing dot)       |
| 10+L2      | null terminated instance ID (no trailing dot)      |
| 10+L3      | optionally more varBinds (group/instance ID pairs) |
+------------+----------------------------------------------------+
| NOTE                                                            |
| o L1 = length of community name                                 |
| o L2 = L1 + strlen(group ID) + 1                                |
| o L3 = L2 + strlen(instance ID) + 1                             |
| o group and instance ID strings use selected character set      |
+-----------------------------------------------------------------+


3.2.9 GETBULK 


When the SNMP agent receives a PDU containing an SNMP GETBULK request 
that includes variables for which a sub-agent may be authoritative, 
it checks if the sub-agent wants to handle the GETBULK itself (as 
specified at registration time). If so, it sends an SNMP DPI GETBULK 
packet to the sub-agent. 


Such a packet contains the standard SNMP DPI header plus GETBULK
specific data:

o non-repeaters

o max repetitions

o per varBind two null terminated strings (in the selected
  character set) representing the group and instance ID in ASN.1
  dotted notation.

+-----------------------------------------------------------------+
| Table 11. Layout SNMP DPI GETBULK packet                        |
+------------+----------------------------------------------------+
| OFFSET     | FIELD                                              |
+------------+----------------------------------------------------+
| 0          | packet length to follow (MSB to LSB)               |
| 2          | protocol major version                             |
| 3          | protocol minor version                             |
| 4          | protocol release                                   |
| 5          | packet id (MSB to LSB)                             |
| 7          | packet type = SNMP_DPI_GETBULK                     |
| 8          | non-repeaters (4 octets, MSB to LSB)               |
|            | max-repetitions (4 octets, MSB to LSB)             |
|            | null terminated group ID (with trailing dot)       |
|            | null terminated instance ID (no trailing dot)      |
|            | optionally more varBinds (group/instance ID pairs) |
+------------+----------------------------------------------------+
| NOTE                                                            |
| o L1 = strlen(group ID) + 1                                     |
| o L2 = L1 + strlen(instance ID) + 1                             |
| o group and instance ID strings use selected character set      |
+-----------------------------------------------------------------+


3.2.10 SET, COMMIT AND UNDO

When the SNMP agent receives a PDU containing an SNMP SET request for
a variable that is in a sub-tree registered by a sub-agent, it passes
one of 3 sequences of SNMP DPI packets to the sub-agent:

o SET, COMMIT
  This is the normal sequence. The SET request is the first
  phase. The sub-agent must verify that the SET request is valid
  and that the resources needed are available. The COMMIT
  request comes next. The sub-agent must now effectuate the SET
  request.

o SET, UNDO
  If an SNMP packet has a SET request for multiple varBinds that
  reside in different sub-trees, then the agent first sends a SET
  to all sub-agents. If any sub-agent returns an error on the
  SET, then the agent sends UNDO to those sub-agents that
  returned no error on the SET, meaning the SET is being
  canceled.

o SET, COMMIT, UNDO
  In the very rare circumstance where all sub-agents have
  responded error-free to a SET and where one of them fails to
  perform the COMMIT, then the agent sends an UNDO to all
  involved sub-agents (also those who completed COMMIT).
  Sub-agents should try, to the best of their ability, to never
  let a commit fail and to undo an already committed set if asked
  to do so.
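
The three packet sequences above, traced from the agent's side in C. This is an added example, not code from the original document or from any DPI implementation; the subagent struct, its fixed per-phase result codes, and the choice to stop sending COMMIT after the first failure are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SUBAGENTS 16        /* cap chosen for this example */

/* Hypothetical stand-in for a connected sub-agent: the error code it
 * returns for SET and for COMMIT (0 = noError, see Table 18). */
struct subagent {
    const char *name;
    int set_rc;
    int commit_rc;
};

/* Record one packet the agent sends, e.g. "SET>a". */
static void sent(char *seq, size_t cap, const char *type, const char *name)
{
    size_t used = strlen(seq);
    snprintf(seq + used, cap - used, "%s%s>%s", used ? " " : "", type, name);
}

/* Drive one SNMP SET whose varBinds span n sub-agents.
 * Returns 0 when committed, the first non-zero error code otherwise,
 * or -1 on bad arguments. seq receives the packet sequence sent. */
int dpi_agent_set(const struct subagent *sa, size_t n, char *seq, size_t cap)
{
    int set_ok[MAX_SUBAGENTS];
    int rc = 0;
    size_t i;

    if (n > MAX_SUBAGENTS || cap == 0)
        return -1;
    seq[0] = '\0';

    /* Phase 1: the SET goes to every involved sub-agent. */
    for (i = 0; i < n; i++) {
        sent(seq, cap, "SET", sa[i].name);
        set_ok[i] = (sa[i].set_rc == 0);
        if (!set_ok[i] && rc == 0)
            rc = sa[i].set_rc;
    }
    if (rc != 0) {
        /* SET, UNDO: cancel only on those that returned no error. */
        for (i = 0; i < n; i++)
            if (set_ok[i])
                sent(seq, cap, "UNDO", sa[i].name);
        return rc;
    }

    /* Phase 2: COMMIT, stopping at the first failure (assumption). */
    for (i = 0; i < n && rc == 0; i++) {
        sent(seq, cap, "COMMIT", sa[i].name);
        rc = sa[i].commit_rc;
    }
    if (rc != 0) {
        /* SET, COMMIT, UNDO: UNDO to all involved sub-agents,
         * including those that already completed COMMIT. */
        for (i = 0; i < n; i++)
            sent(seq, cap, "UNDO", sa[i].name);
    }
    return rc;
}

int main(void)
{
    /* Constructed scenario: "b" rejects the SET with wrongValue (10). */
    const struct subagent sa[] = { {"a", 0, 0}, {"b", 10, 0}, {"c", 0, 0} };
    char seq[256];
    int rc = dpi_agent_set(sa, 3, seq, sizeof seq);

    printf("rc=%d packets: %s\n", rc, seq);
    return 0;
}
```

A sub-agent that has already applied a COMMIT must still be able to honor the UNDO in the last case, which is why the SET phase has to reserve everything the COMMIT will need.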


Such packets contain the standard SNMP DPI header plus SET specific
data:

o the community name used in the SNMP PDU. The length is zero
  unless view handling was selected by the sub-agent. The length
  is also zero if the SNMP PDU was not in SNMPv1 format.

o per varBind:

  - two null terminated strings (in the selected character set)
    representing the group and instance ID in ASN.1 dotted
    notation.

  - the type, value length and value to be set.

  The permitted types for the type field are defined in Table 17.

  See 3.3.4, "Value Representation" for information on how the
  value data is represented in the packet value field.

+-----------------------------------------------------------------+
| Table 12. Layout SNMP DPI SET, COMMIT, UNDO packet              |
+------------+----------------------------------------------------+
| OFFSET     | FIELD                                              |
+------------+----------------------------------------------------+
| 0          | packet length to follow (MSB to LSB)               |
| 2          | protocol major version                             |
| 3          | protocol minor version                             |
| 4          | protocol release                                   |
| 5          | packet id (MSB to LSB)                             |
| 7          | packet type = SNMP_DPI_SET/COMMIT/UNDO             |
| 8          | community name length (MSB to LSB)                 |
| 10         | community name                                     |
| 10+L1      | null terminated group ID (with trailing dot)       |
| 10+L2      | null terminated instance ID (no trailing dot)      |
| 10+L3      | SNMP Variable Type Value                           |
| 10+L3+1    | Length of value (2 octets, MSB to LSB)             |
| 10+L3+3    | Value                                              |
| 10+L4      | optionally more varBinds (sequences of group ID,   |
|            | instance ID, Type, Length and Value)               |
+------------+----------------------------------------------------+
| NOTE                                                            |
| o L1 = length of community name                                 |
| o L2 = L1 + strlen(group ID) + 1                                |
| o L3 = L2 + strlen(instance ID) + 1                             |
| o L4 = L3 + 3 + length of value                                 |
| o group and instance ID strings use selected character set      |
| o OID and DisplayString values use selected character set       |
| o Integer values are in network byte order                      |
+-----------------------------------------------------------------+
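
A bounds-checked parse of the Table 12 layout, added here as an illustration and not taken from the original document or from any DPI library. It assumes that "packet length to follow" counts the octets after the two length octets, and it uses packet type values 3, 10 and 11 from Table 16; the struct names, return codes and eight-varBind cap are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DPI_MAX_VARBINDS 8              /* cap chosen for this example */

struct dpi_varbind {
    const char *group_id, *instance_id; /* point into the packet buffer */
    uint8_t type;
    uint16_t value_len;
    const uint8_t *value;
};

struct dpi_set_packet {
    uint16_t packet_id, community_len;
    uint8_t packet_type;
    const uint8_t *community;
    size_t n_varbinds;
    struct dpi_varbind vb[DPI_MAX_VARBINDS];
};

/* Constructed sample: SET, community "public", one Integer32 varBind. */
static const uint8_t DPI_SAMPLE_SET[] =
    "\x00\x2e"                  /* 0: packet length to follow = 46 */
    "\x02\x02\x00"              /* 2: version octets (constructed values) */
    "\x00\x01"                  /* 5: packet id */
    "\x03"                      /* 7: packet type = SNMP_DPI_SET */
    "\x00\x06" "public"         /* 8: community name length, 10: name */
    "1.3.6.1.4.1.2.2.1.5.\0"    /* 10+L1: group ID (constructed OID) */
    "1.0\0"                     /* 10+L2: instance ID */
    "\x81\x00\x04"              /* 10+L3: type 129 = Integer32, length 4 */
    "\x00\x00\x00\x2a";         /* 10+L3+3: value 42, network byte order */
#define DPI_SAMPLE_SET_LEN (sizeof DPI_SAMPLE_SET - 1) /* minus C's own NUL */

/* Read a 2-octet field, MSB first. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Return the null terminated string at *pos and step past its terminator,
 * or NULL when no terminator exists before end. */
static const char *take_cstr(const uint8_t *buf, size_t end, size_t *pos)
{
    const uint8_t *s = buf + *pos;
    const uint8_t *nul = (*pos < end) ? memchr(s, 0, end - *pos) : NULL;

    if (nul == NULL)
        return NULL;
    *pos = (size_t)(nul - buf) + 1;
    return (const char *)s;
}

/* Returns 0, or a negative code naming the first check that failed. */
int dpi_parse_set(const uint8_t *buf, size_t buflen, struct dpi_set_packet *out)
{
    size_t end, pos = 10;

    if (buflen < 10)
        return -1;                      /* shorter than header + length */
    end = (size_t)be16(buf) + 2;
    if (end > buflen || end < 10)
        return -2;                      /* declared length does not fit */
    out->packet_id = be16(buf + 5);
    out->packet_type = buf[7];
    if (out->packet_type != 3 && out->packet_type != 10 && out->packet_type != 11)
        return -3;                      /* not SET, COMMIT or UNDO */
    out->community_len = be16(buf + 8);
    if (out->community_len > end - pos)
        return -4;                      /* community runs past the packet */
    out->community = buf + pos;
    pos += out->community_len;
    for (out->n_varbinds = 0; pos < end; out->n_varbinds++) {
        struct dpi_varbind *vb;

        if (out->n_varbinds == DPI_MAX_VARBINDS)
            return -5;
        vb = &out->vb[out->n_varbinds];
        vb->group_id = take_cstr(buf, end, &pos);
        vb->instance_id = vb->group_id ? take_cstr(buf, end, &pos) : NULL;
        if (vb->instance_id == NULL)
            return -6;                  /* ID not terminated inside packet */
        if (end - pos < 3)
            return -7;                  /* no room for type + length */
        vb->type = buf[pos];
        vb->value_len = be16(buf + pos + 1);
        pos += 3;
        if (vb->value_len > end - pos)
            return -8;                  /* value runs past the packet */
        vb->value = buf + pos;
        pos += vb->value_len;
    }
    return 0;
}

int main(void)
{
    struct dpi_set_packet p;
    int rc = dpi_parse_set(DPI_SAMPLE_SET, DPI_SAMPLE_SET_LEN, &p);

    printf("rc=%d varbinds=%zu\n", rc, rc == 0 ? p.n_varbinds : (size_t)0);
    return 0;
}
```

Every length in the layout (packet length, community name length, value length) and every string terminator is checked against the declared end of the packet before any pointer is handed back.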
3.2.11 RESPONSE


An SNMP sub-agent must respond to a GET, GETNEXT, GETBULK, SET, 
COMMIT, UNDO or UNREGISTER request that it has received from the 
agent (unless it fails or has a bug ;-)). To do so, it sends an SNMP 
DPI RESPONSE packet to the agent. 


Such a packet contains the standard SNMP DPI header plus RESPONSE 
specific data: 


o an error_code,

o an error_index,

o plus for a successful GET, GETNEXT, or GETBULK, the
  name/type/length/value tuple(s) representing the returned
  object(s). For each varBind this is described as:

  - two null terminated strings (in the selected character set)
    representing the group and instance ID in ASN.1 dotted
    notation.

  - the type, value length and value of the object that is
    returned.


The permitted types for the type field are defined in Table 17. 


See 3.3.4, "Value Representation" for information on how the 
value data is represented in the packet value field. 


For an unsuccessful GET, GETNEXT or GETBULK, the sub-agent does not 
need to return any name/type/length/value tuple(s), because by 
definition, the varBind information is the same as in the request to 
which this is a response, and the agent still has that information. 


The group ID and the packet ID must always be the same as the
corresponding fields in the request PDU that prompted the RESPONSE.


If the response is to a SET, COMMIT or UNDO request, there is no need 
to return any varBind information, because by definition, the varBind 
information is the same as in the request to which this is a 
response, and the agent still has that information. 


If the response is to a REGISTER or UNREGISTER, no variable 
(instance) is being returned, so the instance ID is the NULL string 
(one 0x00 byte). In the response to a REGISTER request indicating 
success, the error index contains the priority assigned by the agent. 


If the response is to an OPEN, ARE_YOU_THERE or CLOSE, no varBind
data will be passed, so no group ID, instance ID or value data. The
packet will only include the header, the error code and the error
index.

+-----------------------------------------------------------------+
| Table 13. Layout SNMP DPI RESPONSE packet                       |
+------------+----------------------------------------------------+
| OFFSET     | FIELD                                              |
+------------+----------------------------------------------------+
| 0          | packet length to follow (MSB to LSB)               |
| 2          | protocol major version                             |
| 3          | protocol minor version                             |
| 4          | protocol release                                   |
| 5          | packet id (MSB to LSB)                             |
| 7          | packet type = SNMP_DPI_RESPONSE                    |
| 8          | error code (1 octet)                               |
| 9          | error index (4 octets, MSB to LSB)                 |
| 15         | null terminated group ID (with trailing dot)       |
| 15+L1      | null terminated instance ID (no trailing dot)      |
| 15+L2      | SNMP Variable Type Value                           |
| 15+L2+1    | Length of value (MSB to LSB)                       |
| 15+L2+3    | Value                                              |
| 15+L3      | optionally more varBinds (sequences of group ID,   |
|            | instance ID, Type, Length and Value)               |
+------------+----------------------------------------------------+
| NOTE:                                                           |
| o L1 = strlen(group ID) + 1                                     |
| o L2 = L1 + strlen(instance ID) + 1                             |
| o L3 = L2 + 3 + length of value                                 |
| o group and instance ID strings use selected character set      |
| o OID and DisplayString values use selected character set       |
| o Integer values are in network byte order                      |
+-----------------------------------------------------------------+


3.2.12 TRAP


An SNMP sub-agent can request the agent to generate an SNMPv1 or
SNMPv2 TRAP (depending on the trap destinations defined at the agent)
by sending an SNMP DPI TRAP packet to the agent.


Such a packet contains the standard SNMP DPI header plus TRAP 
specific data: 


o the generic and specific trap codes

o optionally a null terminated string (in the selected character
  set) representing the enterprise ID in ASN.1 dotted notation.
  This enterprise ID will be sent with the TRAP. If the null
  string is passed, then the agent uses the sub-agent Identifier
  (OID as passed with the DPI OPEN packet) as the Enterprise ID.

o optionally a set of one or more name/type/length/value tuples
  representing varBinds to be sent with the trap. Each varBind
  consists of:

  - two null terminated strings (in the selected character set)
    representing the group and instance ID in ASN.1 dotted
    notation.

  - the type, value length and value of the object that is
    returned.

  The permitted types for the type field are defined in Table 17.

  See 3.3.4, "Value Representation" for information on how the
  value data is represented in the packet value field.

+-----------------------------------------------------------------+
| Table 14. Layout SNMP DPI TRAP packet                           |
+------------+----------------------------------------------------+
| OFFSET     | FIELD                                              |
+------------+----------------------------------------------------+
| 0          | packet length to follow (MSB to LSB)               |
| 2          | protocol major version                             |
| 3          | protocol minor version                             |
| 4          | protocol release                                   |
| 5          | packet id (MSB to LSB)                             |
| 7          | packet type = SNMP_DPI_TRAP                        |
| 8          | SNMP generic trap code                             |
| 12         | SNMP specific trap code                            |
| 14         | null terminated enterprise ID (no trailing dot)    |
| 14+L1      | null terminated group ID (with trailing dot)       |
| 14+L2      | null terminated instance ID (no trailing dot)      |
| 14+L3      | SNMP Variable Type Value                           |
| 14+L3+1    | Length of value (MSB to LSB)                       |
| 14+L3+3    | Value                                              |
| 14+L4      | optionally more varBinds (sequences of group ID,   |
|            | instance ID, Type, Length and Value)               |
+------------+----------------------------------------------------+
| NOTE:                                                           |
| o L1 = strlen(enterprise ID) + 1                                |
| o L2 = L1 + strlen(group ID) + 1                                |
| o L3 = L1 + L2 + strlen(instance ID) + 1                        |
| o L4 = L1 + L2 + L3 + 3 + length of Value                       |
| o enterprise, group and instance ID strings use selected        |
|   character set                                                 |
| o OID and DisplayString values use selected character set       |
| o Integer values are in network byte order                      |
+-----------------------------------------------------------------+


3.3 CONSTANTS AND VALUES


This section describes the constants that have been defined for this 
version of the SNMP DPI Protocol. 


3.3.1 PROTOCOL VERSION AND RELEASE VALUES 


+-----------------------------------------------------------------+
| Table 15. Protocol version and release values                   |
+---------------------------+-------------------------------------+
| FIELD                     | VALUE                               |
+---------------------------+-------------------------------------+
| protocol major version    |                                     |
| protocol minor version    |                                     |
| protocol release          |                                     |
+---------------------------+-------------------------------------+


Previous versions of this protocol exist and should preferably be 
supported by an agent: 


o version 1, release 0, described in [7]


Previous internal versions of this protocol exist and may or may not 
be supported by an agent: 


o version 1, release 1, experimental within IBM.
o version 1, release 2, experimental within BNR.


3.3.2 PACKET TYPE VALUES

+-----------------------------------------------------------------+
| Table 16. Valid values for the packet type field                |
+-------+---------------------------------------------------------+
| VALUE | PACKET TYPE                                             |
+-------+---------------------------------------------------------+
| 1     | SNMP_DPI_GET                                            |
| 2     | SNMP_DPI_GETNEXT                                        |
| 3     | SNMP_DPI_SET                                            |
| 4     | SNMP_DPI_TRAP                                           |
| 5     | SNMP_DPI_RESPONSE                                       |
| 6     | SNMP_DPI_REGISTER                                       |
| 7     | SNMP_DPI_UNREGISTER                                     |
| 8     | SNMP_DPI_OPEN                                           |
| 9     | SNMP_DPI_CLOSE                                          |
| 10    | SNMP_DPI_COMMIT                                         |
| 11    | SNMP_DPI_UNDO                                           |
| 12    | SNMP_DPI_GETBULK                                        |
| 13    | SNMP_DPI_TRAPV2 (not yet used)                          |
| 14    | SNMP_DPI_INFORM (not yet used)                          |
| 15    | SNMP_DPI_ARE_YOU_THERE                                  |
+-------+---------------------------------------------------------+


3.3.3 VARIABLE TYPE VALUES

+-----------------------------------------------------------------+
| Table 17. Valid values for the Value Type field                 |
+-------+---------------------------------------------------------+
| VALUE | VALUE TYPE                                              |
+-------+---------------------------------------------------------+
| 129   | SNMP_TYPE_Integer32                                     |
| 2     | SNMP_TYPE_OCTET_STRING                                  |
| 3     | SNMP_TYPE_OBJECT_IDENTIFIER                             |
| 4     | SNMP_TYPE_NULL (empty, no value)                        |
| 5     | SNMP_TYPE_IpAddress                                     |
| 134   | SNMP_TYPE_Counter32                                     |
| 135   | SNMP_TYPE_Gauge32                                       |
| 136   | SNMP_TYPE_TimeTicks (1/100ths seconds)                  |
| 9     | SNMP_TYPE_DisplayString                                 |
| 10    | SNMP_TYPE_BIT_STRING                                    |
| 11    | SNMP_TYPE_NsapAddress                                   |
| 140   | SNMP_TYPE_UInteger32                                    |
| 13    | SNMP_TYPE_Counter64                                     |
| 14    | SNMP_TYPE_Opaque                                        |
| 15    | SNMP_TYPE_noSuchObject                                  |
| 16    | SNMP_TYPE_noSuchInstance                                |
| 17    | SNMP_TYPE_endOfMibView                                  |
+-------+---------------------------------------------------------+

Notes:

1. A 32-bit integer value has its base type ORed with 128.

2. DisplayString is a textual convention. An SNMP PDU shows a
   type of OCTET STRING for the value. An agent can handle such
   an object as DisplayString if the object is included in some
   form of a compiled MIB for the agent. If not, the agent passes
   the value as an OCTET_STRING.

3.3.4 VALUE REPRESENTATION 


Values in the DPI packets are represented as follows: 


o 32-bit integers are 4-byte elements in network byte order, MSB
  (most significant byte) first, LSB (least significant byte)
  last.

  Example: '00000001'h represents 1.

o 64-bit integers are 8-byte elements in network byte order, MSB
  first, LSB last.

  Example: '0000000100000001'h represents 4,294,967,297.

o Object Identifiers are NULL terminated strings in the selected
  character set, representing the OID in ASN.1 dotted notation.
  The length includes the terminating NULL.

  Example ASCII: '312e332e362e312e322e312e312e312e3000'h
  represents "1.3.6.1.2.1.1.1.0" which is sysDescr.0.
  Example EBCDIC: 'f14bf34bf64bf14bf24bf14bf14bf14bf000'h
  represents "1.3.6.1.2.1.1.1.0" which is sysDescr.0.

o DisplayStrings are in the selected character set. The length
  specifies the length of the string.

  Example ASCII: '6162630d0a'h represents "abc\r\n", no NULL.
  Example EBCDIC: '8182830d25'h represents "abc\r\n", no NULL.

o IpAddress, NsapAddress and Opaque are implicit OCTET_STRING, so
  they are octets (e.g. IpAddress in network byte order).

o NULL has a zero length for the value, no value data.

o noSuchObject, noSuchInstance and endOfMibView are implicit NULL
  and represented as such.

o BIT_STRING is an OCTET_STRING of the form uubbbb...bb, where
  the first octet (uu) is 0x00-0x07 and indicates the number of
  unused bits in the last octet (bb). The bb octets represent the
  bit string itself, where bit zero (0) comes first and so on.
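
The length and content rules above can be enforced before a value is used. The following C check is an added example, not part of the original document; it assumes the ASCII character set was selected, takes its type codes from Table 17, treats IpAddress as four octets (from SNMP's definition of the type, not stated here), and rejects a BIT_STRING that claims unused bits without any bit octets (this example's own strictness).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Value type codes from Table 17. */
enum {
    SNMP_TYPE_Integer32 = 129,       SNMP_TYPE_OCTET_STRING = 2,
    SNMP_TYPE_OBJECT_IDENTIFIER = 3, SNMP_TYPE_NULL = 4,
    SNMP_TYPE_IpAddress = 5,         SNMP_TYPE_Counter32 = 134,
    SNMP_TYPE_Gauge32 = 135,         SNMP_TYPE_TimeTicks = 136,
    SNMP_TYPE_DisplayString = 9,     SNMP_TYPE_BIT_STRING = 10,
    SNMP_TYPE_NsapAddress = 11,      SNMP_TYPE_UInteger32 = 140,
    SNMP_TYPE_Counter64 = 13,        SNMP_TYPE_Opaque = 14,
    SNMP_TYPE_noSuchObject = 15,     SNMP_TYPE_noSuchInstance = 16,
    SNMP_TYPE_endOfMibView = 17
};

/* 32-bit integer: 4 octets, MSB first. */
uint32_t dpi_u32(const uint8_t *v)
{
    return ((uint32_t)v[0] << 24) | ((uint32_t)v[1] << 16) |
           ((uint32_t)v[2] << 8) | (uint32_t)v[3];
}

/* 64-bit integer: 8 octets, MSB first. */
uint64_t dpi_u64(const uint8_t *v)
{
    return ((uint64_t)dpi_u32(v) << 32) | dpi_u32(v + 4);
}

/* Check one (type, length, value) triple against the representation rules.
 * Returns 0 if consistent, -1 for a wrong length, -2 for malformed
 * content, -3 for a type code that is not in Table 17. */
int dpi_value_check(uint8_t type, const uint8_t *v, size_t len)
{
    size_t i;

    switch (type) {
    case SNMP_TYPE_Integer32: case SNMP_TYPE_Counter32:
    case SNMP_TYPE_Gauge32:   case SNMP_TYPE_TimeTicks:
    case SNMP_TYPE_UInteger32:
    case SNMP_TYPE_IpAddress:           /* 4 octets: assumption, see lead-in */
        return len == 4 ? 0 : -1;
    case SNMP_TYPE_Counter64:
        return len == 8 ? 0 : -1;
    case SNMP_TYPE_NULL:         case SNMP_TYPE_noSuchObject:
    case SNMP_TYPE_noSuchInstance: case SNMP_TYPE_endOfMibView:
        return len == 0 ? 0 : -1;       /* no value data at all */
    case SNMP_TYPE_OBJECT_IDENTIFIER:
        /* The length includes the terminating NULL, which must be the
         * only one; everything before it is digits and dots (ASCII). */
        if (len < 2 || v[len - 1] != 0)
            return -2;
        for (i = 0; i + 1 < len; i++)
            if (v[i] != '.' && (v[i] < '0' || v[i] > '9'))
                return -2;
        return 0;
    case SNMP_TYPE_BIT_STRING:
        if (len < 1)
            return -1;                  /* the uu octet is mandatory */
        if (v[0] > 7 || (len == 1 && v[0] != 0))
            return -2;                  /* unused-bit count out of range */
        return 0;
    case SNMP_TYPE_OCTET_STRING: case SNMP_TYPE_DisplayString:
    case SNMP_TYPE_NsapAddress:  case SNMP_TYPE_Opaque:
        return 0;                       /* any length, no terminator */
    default:
        return -3;
    }
}

int main(void)
{
    /* The document's own examples: sysDescr.0 and 4,294,967,297. */
    static const uint8_t oid[] = "1.3.6.1.2.1.1.1.0";
    static const uint8_t c64[] = {0, 0, 0, 1, 0, 0, 0, 1};

    printf("oid check=%d counter64=%llu\n",
           dpi_value_check(SNMP_TYPE_OBJECT_IDENTIFIER, oid, sizeof oid),
           (unsigned long long)dpi_u64(c64));
    return 0;
}
```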


3.3.5 CHARACTER SET SELECTION 


In the DPI OPEN packet, the sub-agent can specify the character set 
to be used for the representation of: 


o group and instance ID in the DPI REGISTER, UNREGISTER, GET,
  GETNEXT, GETBULK, SET, UNDO, COMMIT, RESPONSE and TRAP packets.

o sub-agent ID and sub-agent Description in DPI OPEN packet.

o Object Identifiers in the value field for a value of type
  SNMP_TYPE_OBJECT_IDENTIFIER.

o DisplayString in the value field for a value of type
  SNMP_TYPE_DPI_DisplayString.


The choice is the native character set or the ASCII character set.
The native set is the set native to the platform where the agent
runs. If the native set is ASCII, then character set selection is a
moot point. On non-ASCII based platforms, the agent must convert
between native and ASCII if the native character set is chosen.


3.3.6 ERROR CODE VALUES FOR SNMP DPI RESPONSE PACKETS 


When the RESPONSE packet is a response to a GET, GETNEXT, GETBULK,
SET, COMMIT, or UNDO, then the error code can have one of the
following values:

+-----------------------------------------------------------------+
| Table 18. Valid SNMP_ERROR values for RESPONSE error code       |
+-------+---------------------------------------------------------+
| VALUE | ERROR CODE                                              |
+-------+---------------------------------------------------------+
| 0     | SNMP_ERROR_noError                                      |
| 1     | SNMP_ERROR_tooBig                                       |
| 2     | SNMP_ERROR_noSuchName (SNMPv1, do not use)              |
| 3     | SNMP_ERROR_badValue (SNMPv1, do not use)                |
| 4     | SNMP_ERROR_readOnly (SNMPv1, do not use)                |
| 5     | SNMP_ERROR_genErr                                       |
| 6     | SNMP_ERROR_noAccess                                     |
| 7     | SNMP_ERROR_wrongType                                    |
| 8     | SNMP_ERROR_wrongLength                                  |
| 9     | SNMP_ERROR_wrongEncoding                                |
| 10    | SNMP_ERROR_wrongValue                                   |
| 11    | SNMP_ERROR_noCreation                                   |
| 12    | SNMP_ERROR_inconsistentValue                            |
| 13    | SNMP_ERROR_resourceUnavailable                          |
| 14    | SNMP_ERROR_commitFailed                                 |
| 15    | SNMP_ERROR_undoFailed                                   |
| 16    | SNMP_ERROR_authorizationError                           |
| 17    | SNMP_ERROR_notWritable                                  |
| 18    | SNMP_ERROR_inconsistentName                             |
+-------+---------------------------------------------------------+

When the RESPONSE packet is a response to an OPEN, REGISTER or
UNREGISTER, then the error code can have one of the following values:


+-----------------------------------------------------------------+
| Table 19. Valid SNMP_ERROR_DPI values for RESPONSE error code   |
+-------+---------------------------------------------------------+
| VALUE | ERROR CODE                                              |
+-------+---------------------------------------------------------+
| 0     | SNMP_ERROR_DPI_noError                                  |
| 101   | SNMP_ERROR_DPI_otherError                               |
| 102   | SNMP_ERROR_DPI_notFound                                 |
| 103   | SNMP_ERROR_DPI_alreadyRegistered                        |
| 104   | SNMP_ERROR_DPI_higherPriorityRegistered                 |
| 105   | SNMP_ERROR_DPI_mustOpenFirst                            |
| 106   | SNMP_ERROR_DPI_notAuthorized                            |
| 107   | SNMP_ERROR_DPI_viewSelectionNotSupported                |
| 108   | SNMP_ERROR_DPI_getBulkSelectionNotSupported             |
| 109   | SNMP_ERROR_DPI_duplicateSubAgentIdentifier              |
| 110   | SNMP_ERROR_DPI_invalidDisplayString                     |
| 111   | SNMP_ERROR_DPI_characterSetSelectionNotSupported        |
+-------+---------------------------------------------------------+


3.3.7 UNREGISTER REASON CODES


The following are valid reason codes in an UNREGISTER packet. 


+-----------------------------------------------------------------+
| Table 20. Valid UNREGISTER reason codes                         |
+-------+---------------------------------------------------------+
| VALUE | REASON CODE                                             |
+-------+---------------------------------------------------------+
| 1     | SNMP_UNREGISTER_otherReason                             |
| 2     | SNMP_UNREGISTER_goingDown                               |
| 3     | SNMP_UNREGISTER_justUnregister                          |
| 4     | SNMP_UNREGISTER_newRegistration                         |
| 5     | SNMP_UNREGISTER_higherPriorityRegistered                |
| 6     | SNMP_UNREGISTER_byManager                               |
| 7     | SNMP_UNREGISTER_timeout                                 |
+-------+---------------------------------------------------------+


3.3.8 CLOSE REASON CODES


The following are valid reason codes in a CLOSE packet.

+-----------------------------------------------------------------+
| Table 21. Valid CLOSE reason codes                              |
+-------+---------------------------------------------------------+
| VALUE | REASON CODE                                             |
+-------+---------------------------------------------------------+
| 1     | SNMP_CLOSE_otherReason                                  |
| 2     | SNMP_CLOSE_goingDown                                    |
| 3     | SNMP_CLOSE_unsupportedVersion                           |
| 4     | SNMP_CLOSE_protocolError                                |
| 5     | SNMP_CLOSE_authenticationFailure                        |
| 6     | SNMP_CLOSE_byManager                                    |
| 7     | SNMP_CLOSE_timeout                                      |
| 8     | SNMP_CLOSE_openError                                    |
+-------+---------------------------------------------------------+

SNMP-DPI March 1994


4. DPI 2.0 MIB DEFINITION


DPI20-MIB DEFINITIONS ::= BEGIN

-- Objects in this MIB are implemented in the local SNMP agent.

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, snmpModules, enterprises
        FROM SNMPv2-SMI

ibm      OBJECT IDENTIFIER ::= { enterprises 2 }
ibmDPI   OBJECT IDENTIFIER ::= { ibm 2 }
dpi20MIB OBJECT IDENTIFIER ::= { ibmDPI 1 }

dpi20MIB MODULE-IDENTITY
    LAST-UPDATED "9401210000Z"
    ORGANIZATION "IBM Research - T.J. Watson Research Center"
    CONTACT-INFO "        Bert Wijnen
                  Postal: IBM International Operations
                          Watsonweg 2
                          1423 ND Uithoorn
                          The Netherlands
                  Tel:    +31, 297593316
                  Fax:    +31 2975 62468
                  E-mail: wijnen@vnet.ibm.com"
    DESCRIPTION  "MIB module describing DPI objects."
    ::= { snmpModules x }

dpiPort OBJECT IDENTIFIER ::= { dpi20MIB 1 }

dpiPortForTCP OBJECT-TYPE
    SYNTAX      INTEGER (0..65535)
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION "The TCP port number on which the agent
                 listens for DPI connections. A zero value
                 means the agent has no DPI TCP port."
    ::= { dpiPort 1 }

dpiPortForUDP OBJECT-TYPE
    SYNTAX      INTEGER (0..65535)
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION "The UDP port number on which the agent
                 listens for DPI packets. A zero value
                 means the agent has no DPI UDP port."
    ::= { dpiPort 2 }

END

5. SUBAGENT CONSIDERATIONS 


When implementing a sub-agent, it is strongly recommended to use the 
DPI version 2 approach (SNMPv2 based). This means: 

o Use SNMPv2 error codes only (even though we have definitions
  for the old SNMPv1 error codes).

o Do implement SET, COMMIT, UNDO processing properly.

o For GET requests, use the SNMPv2 approach and pass back
  noSuchInstance or noSuchObject value if such is the case.
  Continue to process all remaining varBinds in this case.

o For GETNEXT, use the SNMPv2 approach and pass back endOfMibView
  value if such is the case. Continue to process all remaining
  varBinds in this case.

o When you are processing a request from the agent (GET, GETNEXT,
  GETBULK, SET, COMMIT, UNDO) you are supposed to respond within
  the timeout period (which you can specify in the OPEN and
  REGISTER packets). If you fail to respond within that timeout
  period, the agent will most probably close your DPI connection
  and then discard your RESPONSE packet if it comes in later. If
  you can detect that the response is not going to make it in
  time, then you might decide to abort the request and return an
  SNMP_ERROR_genErr in the RESPONSE.

o If you have a UDP "connected" sub-agent, or one that uses
  another unreliable protocol, you may want to issue an SNMP DPI
  ARE_YOU_THERE request once in a while to ensure that the agent
  is still alive and still knows about you.

o When you are running on an EBCDIC based machine, and you use
  the (default) native character set, then all OID strings (as
  used for things like group ID, instance ID, Enterprise ID,
  sub-agent ID) and also all variable values of type
  OBJECT_IDENTIFIER or DisplayString will be passed to you in
  EBCDIC format. When you return a response, you should then
  also use EBCDIC format.

o When you are running on an EBCDIC based machine, and you use
  the ASCII character set (specified in DPI OPEN), then all OID
  strings (as used for things like group ID, instance ID,
  Enterprise ID, sub-agent ID) and also all variable values of
  type OBJECT_IDENTIFIER or DisplayString will be passed to you
  in ASCII format. When you return a response, you should then
  also use ASCII format.

o When you are running on an ASCII machine, then the character
  set selection is basically moot for you, except maybe when you
  connect to an EBCDIC based agent, in which case you may want to
  specify in the DPI OPEN packet that you want to use the ASCII
  character set. After that, all this is transparent to you and
  the burden of conversion is on the EBCDIC based agent.

o Please realize that DisplayString is only a textual convention.
  In the SNMP PDU (SNMP packet), the type is just an
  OCTET STRING, and from that it is not clear if this is a
  DisplayString or any arbitrary data. This means that the agent
  can only know about an object being a DisplayString if the
  object is included in some sort of a compiled MIB. If it is,
  then the agent will use SNMP_TYPE_DisplayString in the type
  field of the varBind in a DPI SET packet. When you send a
  DisplayString in a RESPONSE packet, the agent will handle it as
  such (e.g. translate EBCDIC to ASCII if needed).


5.1 DPI API 


The primary goal of this document is to specify the SNMP DPI, a
protocol by which sub-agents can exchange SNMP related information
with an agent. On top of this protocol, one can imagine one or
possibly many Application Programming Interfaces, but those are not
addressed in this document.


However, in order to provide an environment that is more or less
platform independent, we strongly suggest also defining a DPI API.
We have a sample DPI API available; see section 9, "Sample Sources
for Anonymous FTP", for a place to obtain that sample DPI API.


5.2 OVERVIEW OF REQUEST PROCESSING


5.2.1 GET PROCESSING


A GET request is the easiest to process. The DPI GET packet holds 
one or more varBinds that the sub-agent has taken responsibility for. 


If the sub-agent encounters an error while processing the request, it 
creates a DPI RESPONSE packet with an appropriate error indication in 
the error_code field and sets the error_index to the position of the 
varBind at which the error occurs (first varBind is index 1, second 
varBind is index 2, and so on). No name/type/length/value 
information needs to be provided in the packet, because by 
definition, the varBind information is the same as in the request to 
which this is a response, and the agent still has that information. 


If there are no errors, then the sub-agent creates a DPI RESPONSE 
packet in which the error_code is set to SNMP_ERROR_noError (zero) 
and error_index is set to zero. The packet must also include the 
name/type/length/value of each varBind requested. When you get a 
request for a non-existing object or a non-existing instance of an 
object, then you must return a NULL value with a type of 
SNMP_TYPE_noSuchObject or SNMP_TYPE_noSuchInstance respectively. 


These two values are not considered errors, so the error_code and 
error_index should be zero. 


The DPI RESPONSE packet is then sent back to the agent.


5.2.2 SET PROCESSING


Processing a DPI SET request is more difficult than a DPI GET 
request. In the case of a DPI SET packet, additional information is 
available in the packet, namely the value type, value length and 
value to be set. 


If the sub-agent encounters an error while processing the request, it
creates a DPI RESPONSE packet with an appropriate error indication in
the error_code field and an error_index listing the position of the
varBind at which the error occurs (first varBind is index 1, second
varBind is index 2, and so on). No name/type/length/value
information needs to be provided in the packet, because by definition,
the varBind information is the same as in the request to which this
is a response, and the agent still has that information.


Wijnen, Carpenter, Curran, Sehgal & Waters [Page 44]


RFC 1592 SNMP-DPI March 1994


If there are no errors, then the sub-agent creates a DPI RESPONSE 
packet in which the error_code is set to SNMP_ERROR_noError (zero) 
and error_index is set to zero. No name/type/length/value 
information is needed; by definition the RESPONSE to a SET should 
contain exactly the same varBind data as the data present in the 
request, so the agent can use the values it already has. (This 
suggests that the agent must keep state information, and that is 
indeed the case. It needs to do that anyway in order to be able to 
later pass the data with a DPI COMMIT or DPI UNDO packet). The sub- 
agent must have allocated the required resources and prepared itself 
for the SET. It does not yet effectuate the set; that will be done
at COMMIT time.


The sub-agent sends a DPI RESPONSE packet (indicating success or 
failure for the preparation phase) back to the agent. 


The agent will then issue a SET request for all other varBinds in the 
same original SNMP request it received. This may be to the same or 
to one or more different sub-agents. Once all SET requests have 
returned a "no error" condition, the agent starts sending DPI COMMIT 
packets to the sub-agent(s). If any SET request returns an error,
then the agent sends DPI UNDO packets to those sub-agents that 
indicated successful processing of the SET preparation phase. 


When the sub-agent receives the DPI COMMIT packet, again all the 
varBind information will be available in the packet. The sub-agent 
can now effectuate the SET request.


If the sub-agent encounters an error while processing the COMMIT 
request, it creates a DPI RESPONSE packet with value 
SNMP_ERROR_commitFailed in the error_code field and an error_index 
that lists at which varBind the error occurs (first varBind is index 
1 and so on). No name/type/length/value information is needed. The 
fact that a commitFailed error exists does not mean that this error 
should be returned easily. A sub-agent should do all that is 
possible to make a COMMIT succeed. 


If there are no errors, and the SET/COMMIT has been effectuated with 
success, then the sub-agent creates a DPI RESPONSE packet in which 
the error_code is set to SNMP_ERROR_noError (zero) and error_index is 
set to zero. No name/type/length/value information is needed. 


So far we have discussed a SET, COMMIT sequence. That happens if all 
goes well. However, after a successful SET, the sub-agent may 
receive a DPI UNDO packet. The sub-agent must now undo any 
preparations it made during the SET processing (like freeing allocated
memory and such). Even after a COMMIT, a sub-agent may still receive
a DPI UNDO packet. This is the case if some other sub-agent could 
not complete a COMMIT request. Because of the SNMP-requirement that 
all varBinds in a single SNMP SET request must be changed "as if 
simultaneous", all committed changes must be undone if any of the 
COMMIT requests fail. In this case the sub-agent must try and undo 
the committed SET operation. 


If the sub-agent encounters an error while processing the UNDO 
request, it creates a DPI RESPONSE packet with value 
SNMP_ERROR_undoFailed in the error_code field and an error_index that 
lists at which varBind the error occurs (first varBind is index 1 and 
so on). No name/type/length/value information is needed. The fact 
that an undoFailed error exists does not mean that this error should 
be returned easily. A sub-agent should do all that is possible to 
make an UNDO succeed. 


If there are no errors, and the UNDO has been effectuated with 
success, then the sub-agent creates a DPI RESPONSE packet in which 
the error_code is set to SNMP_ERROR_noError (zero) and error_index is 
set to zero. No name/type/length/value information is needed. 
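
The SET, COMMIT and UNDO sequence described above, modelled from both sides as an added example (not part of this memo or of the sample DPI API). It works on Python tuples rather than DPI packets; the class and function names, the fail_commit switch and the sample object names are constructed for the illustration, and the error numbers are the SNMPv2 error-status values.

```python
from enum import IntEnum

class Err(IntEnum):
    # SNMPv2 error-status numbers. The memo names noError, commitFailed and
    # undoFailed; wrongValue and notWritable are assumed for the checks below.
    noError = 0
    wrongValue = 10
    commitFailed = 14
    undoFailed = 15
    notWritable = 17

class SetSubAgent:
    """Sub-agent side of DPI SET / COMMIT / UNDO (a model, not the wire format).
    `store` must hold a current value for every name in `validators`."""

    def __init__(self, store, validators, fail_commit=False):
        self.store = store              # live values {name: value}
        self.validators = validators    # {name: callable(value) -> bool}
        self.fail_commit = fail_commit  # constructed fault injection for the demo
        self.pending = None             # varBinds accepted by SET, not yet applied
        self.saved = None               # values overwritten by COMMIT, kept for UNDO

    def on_set(self, varbinds):
        # Preparation phase: validate every varBind, change nothing live.
        self.pending = self.saved = None
        for index, (name, value) in enumerate(varbinds, start=1):
            check = self.validators.get(name)
            if check is None:
                return Err.notWritable, index
            if not check(value):
                return Err.wrongValue, index
        self.pending = list(varbinds)
        return Err.noError, 0

    def on_commit(self, varbinds):
        # Apply only what the SET phase accepted for this same request.
        if self.fail_commit or self.pending != list(varbinds):
            self.pending = None
            return Err.commitFailed, 1
        self.saved = {name: self.store[name] for name, _ in varbinds}
        self.store.update(dict(varbinds))
        self.pending = None
        return Err.noError, 0

    def on_undo(self, varbinds):
        # After COMMIT: restore the old values. After SET only: drop the preparation.
        if self.saved is not None:
            self.store.update(self.saved)
        self.pending = self.saved = None
        return Err.noError, 0

def agent_set(parts):
    """Agent side. parts = [(sub_agent, varbinds), ...] for one SNMP SET request.
    Returns (error_code, error_index as reported by the failing sub-agent)."""
    prepared = []
    for sub, varbinds in parts:
        code, index = sub.on_set(varbinds)
        if code != Err.noError:
            break
        prepared.append((sub, varbinds))
    else:
        for sub, varbinds in prepared:
            code, index = sub.on_commit(varbinds)
            if code != Err.noError:
                break
        else:
            return Err.noError, 0
    # Model choice: every sub-agent whose SET succeeded gets an UNDO, whether
    # it has already committed or has only prepared.
    for sub, varbinds in prepared:
        sub.on_undo(varbinds)
    return code, index
```

Because validation happens in on_set and nothing is written before on_commit, a rejected varBind in one sub-agent leaves every other sub-agent's live values untouched.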


5.2.3 GETNEXT PROCESSING 


GETNEXT requests are a bit more complicated to process than a GET. 
The DPI GETNEXT packet contains the object(s) on which the GETNEXT 
operation must be performed. The semantics of the operation are that 
the sub-agent is to return the name/type/length/value of the next 
variable it supports whose (ASN.1) name lexicographically follows the 
one passed in the group ID (sub-tree) and instance ID. 


In this case, the instance ID may not be present (NULL) implying that 
the NEXT object must be the first instance of the first object in the 
sub-tree that was registered. 


It is important to realize that a given sub-agent may support several 
discontiguous sections of the MIB tree. In such a situation it would 
be incorrect to jump from one section to another. This problem is 
correctly handled by examining the group ID in the DPI packet. This 
group ID represents the "reason" why the sub-agent is being called. 
It holds the prefix of the tree that the sub-agent had indicated it 
supported (registered). 


If the next variable supported by the sub-agent does not begin with 
that prefix, the sub-agent must return the same object instance as in 
the request (e.g. group ID and instance ID) with a value of 
SNMP_TYPE_endOfMibView (implied NULL value). This endOfMibView is 
not considered an error, so the error_code and error_index should be
zero. If required, the SNMP agent will call upon the sub-agent
again, but pass it a different group ID (prefix). This is 
illustrated in the discussion below. 


Assume there are two sub-agents. The first sub-agent registers two 
distinct sections of the tree, A and C. In reality, the sub-agent 
supports variables A.1 and A.2, but it correctly registers the 
minimal prefix required to uniquely identify the variable class it 
supports. 


The second sub-agent registers a different section, B, which appears 
between the two sections registered by the first agent. 


If a management station begins dumping the MIB, starting from A, the
following sequence of queries of the form get-next(group ID, instance
ID) would be performed:


Sub-agent 1 gets called:

   get-next(A,none) = A.1
   get-next(A,1)    = A.2
   get-next(A,2)    = endOfMibView

Sub-agent 2 is then called:

   get-next(B,none) = B.1
   get-next(B,1)    = endOfMibView

Sub-agent 1 gets called again:

   get-next(C,none) = C.1
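
The walk over sub-trees A, B and C above, as an added example (not code from this memo). OIDs are tuples of integers, with the constructed prefixes (1,), (2,) and (3,) standing for A, B and C; TreeSubAgent, walk and the check_prefix switch are hypothetical names. The check in walk that a returned name stays under the group ID is an added defensive step, not something the memo requires.

```python
END_OF_MIB_VIEW = "SNMP_TYPE_endOfMibView"   # type name used in the memo

class TreeSubAgent:
    def __init__(self, variables, check_prefix=True):
        self.variables = dict(variables)   # {oid tuple: value}, constructed data
        self.check_prefix = check_prefix   # False models the faulty "jump" behaviour

    def get_next(self, group, instance=None):
        """group: registered prefix; instance: rest of the OID, or None.
        Returns (name, type, value) for the next variable under `group`."""
        start = group + (instance or ())
        # Tuple comparison is lexicographic, and a prefix sorts before its
        # extensions, so instance=None yields the first variable in the sub-tree.
        later = sorted(oid for oid in self.variables if oid > start)
        if later and (not self.check_prefix or later[0][:len(group)] == group):
            return later[0], "SNMP_TYPE_DisplayString", self.variables[later[0]]
        # Next variable is outside the group ID: echo the request, not an error.
        return start, END_OF_MIB_VIEW, None

def walk(registrations):
    """Agent side: visit each registered group ID in order and call its
    sub-agent until endOfMibView. Returns the variable names found."""
    names = []
    for group in sorted(registrations):
        sub, instance = registrations[group], None
        while True:
            name, vtype, _value = sub.get_next(group, instance)
            if vtype == END_OF_MIB_VIEW:
                break
            # Added defensive check: a name outside the group ID means the
            # sub-agent jumped to another of its sections.
            if name[:len(group)] != group:
                raise ValueError(f"{name} is outside sub-tree {group}")
            names.append(name)
            instance = name[len(group):]
    return names

A, B, C = (1,), (2,), (3,)
SUB1_VARS = {(1, 1): "a1", (1, 2): "a2", (3, 1): "c1"}   # sections A and C
SUB2_VARS = {(2, 1): "b1"}                               # section B
```

With check_prefix=False, get_next(A, (2,)) answers C.1 and the manager never sees B.1, which is the jump between discontiguous sections that the group ID comparison prevents.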


5.2.4 GETBULK PROCESSING 


You can ask the agent to translate GETBULK requests into multiple 
GETNEXT requests. This is basically the default and it is specified 
in the DPI REGISTER packet. In principle, we expect the majority of 
DPI sub-agents to run on the same machine as the agent (or otherwise, 
on the same physical network), so repetitive GETNEXT requests stay 
local and in general should not be a problem. 


If experience tells us different, the sub-agent can tell the agent to 
pass on a DPI GETBULK packet. 


When a GETBULK request is received, the sub-agent must process the
request and send a RESPONSE that sends back as many varBinds as
requested by the request, as long as they fit within the buffers.


The GETBULK requires processing similar to that of a GETNEXT with
regard to endOfMibView handling.


5.2.5 OPEN REQUEST


As the very first step, a DPI sub-agent must open a "connection" with 
the agent. To do so, it must send a DPI OPEN packet in which these 
things must be specified: 


o The max timeout value in seconds. The agent is requested to
  wait this long for a response to any request for an object
  being handled by this sub-agent. The agent may have an
  absolute maximum timeout value which will be used if the
  sub-agent asks for too big a timeout value. A value of zero
  can be used to indicate that the agent's own default timeout
  value should be used. A sub-agent is advised to use a
  reasonably short interval of a few seconds or so. If a
  specific sub-tree needs a (much) longer time, then a specific
  REGISTER can be done for that sub-tree with a longer timeout
  value.

o The maximum number of varBinds that the sub-agent is prepared
  to handle per DPI packet. Specifying 1 would result in DPI
  version 1 behavior of one varBind per DPI packet that the agent
  sends to the sub-agent.

o The character set you want to use. By default (value 0) this is
  the native character set of the machine (platform) where the
  agent runs.

  Since the sub-agent and agent normally run on the same system
  or platform, you want to use the native character set (which on
  many platforms is ASCII anyway).

  If your platform is EBCDIC based, then using the native
  character set of EBCDIC makes it easy to recognize the string
  representations of the fields like group ID, instance ID, etc.
  At the same time, the agent will translate the value from ASCII
  NVT to EBCDIC (and vice versa) for objects that it knows (from
  a compiled MIB) to have a textual convention of DisplayString.
  Be aware that this fact cannot be determined from the SNMP PDU
  encoding because in the PDU the object is only known to be an
  OCTET_STRING.

  If your sub-agent runs on an ASCII based platform and the agent
  runs on an EBCDIC based platform (or the other way around),
  then you can specify that you want to use the ASCII character
  set, and so you both know how to handle the string-based data.
  Beware that not all agents need to support other than native
  character set selection. See section 5, "Subagent
  Considerations", and section 3.3.5, "Character set selection",
  for more information on character set usage.

o The sub-agent ID. This is an ASN.1 Object Identifier that
  uniquely identifies the sub-agent. This OID is represented as
  a null terminated string using the selected character set.
  Example: "1.23. 5.262.345".

o The sub-agent Description. This is a DisplayString describing
  the sub-agent. This is a character string using the selected
  character set. Example: "DPI sample sub-agent version 2.0"


Once a sub-agent has sent a DPI OPEN packet to an agent, it should 
expect a DPI RESPONSE packet that informs the sub-agent about the 
result of the request. The packet ID of the RESPONSE packet should 
be the same as that of the OPEN request to which the RESPONSE packet 
is the response. See Table 19 for a list of valid DPI RESPONSE error 
codes that may be expected. If you receive an error RESPONSE on the 
OPEN packet, then you will also receive a DPI CLOSE packet with an 
SNMP_CLOSE_openError code, and then the agent closes the 
"connection". 


If the OPEN is accepted, then the next step is to REGISTER one or 
more MIB sub-trees. 


5.2.6 CLOSE REQUEST 


When a sub-agent is finished and wants to terminate, it should first
UNREGISTER its sub-trees and then close the "connection" with the 
agent. To do so, it must send a DPI CLOSE packet in which it 
specifies a reason for the closing. See Table 21 for a list of valid 
CLOSE reason codes. You should not expect a response to the CLOSE 
request. 


A sub-agent should also be prepared to handle an incoming DPI CLOSE 
packet from the agent. Again, the packet will contain a reason code 
for the CLOSE request. A sub-agent need not send a response to a 
CLOSE request. The agent just assumes that the sub-agent will handle 
it appropriately. The close takes place, no matter what the sub- 
agent does with it. 


5.2.7 REGISTER REQUEST 


Before a sub-agent will receive any requests for MIB variables it
must first register the variables or sub-tree it supports with the
SNMP agent. The sub-agent must specify a number of things in the
REGISTER request:


o The sub-tree to be registered. This is a null terminated
  string in the selected character set. The sub-tree must have a
  trailing dot (example: "1.3.6.1.2.3.4.5.").

o The requested priority for the registration, one of:

  -1   Request for best available priority.
  0    Request for next better available priority than highest
       priority currently registered for this sub-tree.
  NNN  Any other positive value requests that specific priority if
       available or the first worse priority that is available.

o The max timeout value in seconds. The agent is requested to
  wait this long for a response to any request for an object in
  this sub-tree. The agent may have an absolute maximum timeout
  value which will be used if the sub-agent asks for too big a
  timeout value. A value of zero can be used to indicate that
  the DPI OPEN value should be used for timeout.

o A specification if the sub-agent wants to do view selection.
  If it does, then the community name (from SNMPv1 packets) will
  be passed in the DPI GET, GETNEXT, SET packets.

o A specification if the sub-agent wants to receive GETBULK
  packets or if it just prefers that the agent converts a GETBULK
  into multiple GETNEXT requests.


Once a sub-agent has sent a DPI REGISTER packet to the agent, it 
should expect a DPI RESPONSE packet that informs the sub-agent about 
the result of the request. The packet ID of the RESPONSE packet 
should be the same as that of the REGISTER packet to which the 
RESPONSE packet is the response. If the response indicates success, 
then the error_index field in the RESPONSE packet contains the 
priority that the agent assigned to the sub-tree registration. See 
Table 19 for a list of valid DPI RESPONSE error codes that may be 
expected. 


5.2.8 UNREGISTER REQUEST 


A sub-agent may unregister a previously registered sub-tree. The 
sub-agent must specify a few things in the UNREGISTER request: 


o The sub-tree to be unregistered. This is a null terminated
  string in the selected character set. The sub-tree must have a
  trailing dot (example: "1.3.6.1.2.3.4.5.").

o The reason for the unregister. See Table 20 for a list of valid
  reason codes.


Once a sub-agent has sent a DPI UNREGISTER packet to the agent, it 
should expect a DPI RESPONSE packet that informs the sub-agent about 
the result of the request. The packet ID of the RESPONSE packet 
should be the same as that of the REGISTER packet to which the 
RESPONSE packet is the response. See Table 19 for a list of valid 
DPI RESPONSE error codes that may be expected. 


A sub-agent should also be prepared to handle incoming DPI UNREGISTER 
packets from the agent. Again, the DPI packet will contain a reason 
code for the UNREGISTER. A sub-agent need not send a response to an 
UNREGISTER request. The agent just assumes that the sub-agent will 
handle it appropriately. The registration is removed, no matter what
the sub-agent returns.


5.2.9 TRAP REQUEST


A sub-agent can request that the SNMP agent generate a trap for it.
The sub-agent must provide the desired values for the generic and 
specific parameters of the trap. It may optionally provide a set of 
one or more name/type/length/value tuples that will be included in 
the trap packet. Also, it may optionally specify an Enterprise ID 
(Object Identifier) for the trap to be generated. If a NULL value is 
specified for the Enterprise ID, then the agent will use the sub- 
agent Identifier (from the DPI OPEN packet) as the Enterprise ID to 
be sent with the trap. 


5.2.10 ARE YOU THERE REQUEST 


A sub-agent can send an ARE YOU THERE packet to the agent. This may 
be useful to do if you have a DPI "connection" over an unreliable 
transport protocol (like UDP). 


If the "connection" is in a healthy state, the agent responds with a 
RESPONSE packet with SNMP_ERROR_DPI_noError.


If the "connection" is not in a healthy state, the agent may respond 
with a RESPONSE packet with an error indication, but the agent might 
not react at all, so you would time out while waiting for a response.


5.2.11 HOW TO QUERY THE DPI PORT. 


The DPI API implementations are encouraged to provide a facility that 
helps DPI sub-agent programmers to dynamically find the port that the 
agent is using for the TCP and/or UDP DPI port(s). A suggested name
for such a function is: query_DPI_port().


7. SECURITY CONSIDERATIONS


Security issues are not discussed in this memo.


9. SAMPLE SOURCES FOR ANONYMOUS FTP


An implementation sample of a DPI API (as used at the agent and sub-
agent side) plus sample sub-agent code and documentation are
available for anonymous FTP from:

   software.watson.ibm.com (129.34.139.5)

To obtain the source, perform the following steps:

   ftp software.watson.ibm.com
   user: anonymous
   password: your_e-mail_address
   cd /public/dpi
   get README
   binary
   get dpi_api.tar (or compressed dpi_api.tar.Z)
   quit




